diff options
| author | dougb <dougb@FreeBSD.org> | 2011-09-01 05:24:42 +0000 |
|---|---|---|
| committer | dougb <dougb@FreeBSD.org> | 2011-09-01 05:24:42 +0000 |
| commit | ada65d99fb1417107a796d4d82e039f1d9a956a0 (patch) | |
| tree | f929ac955ed5ffe7020bc29e63139cb1c4d71c57 /lib | |
| parent | 25b6a0332b63209d2c179bbe5581562e79f3d168 (diff) | |
| download | FreeBSD-src-ada65d99fb1417107a796d4d82e039f1d9a956a0.zip FreeBSD-src-ada65d99fb1417107a796d4d82e039f1d9a956a0.tar.gz | |
Vendor import of BIND 9.8.1
Diffstat (limited to 'lib')
126 files changed, 1924 insertions, 1005 deletions
diff --git a/lib/bind9/api b/lib/bind9/api index 78dd0b4..26a5fba 100644 --- a/lib/bind9/api +++ b/lib/bind9/api @@ -1,3 +1,3 @@ LIBINTERFACE = 80 -LIBREVISION = 1 +LIBREVISION = 3 LIBAGE = 0 diff --git a/lib/bind9/check.c b/lib/bind9/check.c index 6fa9aa9..6711f28 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check.c,v 1.125 2011-01-07 23:47:07 tbox Exp $ */ +/* $Id: check.c,v 1.125.14.6 2011-06-17 07:04:31 each Exp $ */ /*! \file */ @@ -1999,7 +1999,7 @@ check_trusted_key(const cfg_obj_t *key, isc_boolean_t managed, const char *keystr, *keynamestr; dns_fixedname_t fkeyname; dns_name_t *keyname; - isc_buffer_t keydatabuf; + isc_buffer_t b; isc_region_t r; isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; @@ -2009,9 +2009,20 @@ check_trusted_key(const cfg_obj_t *key, isc_boolean_t managed, flags = cfg_obj_asuint32(cfg_tuple_get(key, "flags")); proto = cfg_obj_asuint32(cfg_tuple_get(key, "protocol")); alg = cfg_obj_asuint32(cfg_tuple_get(key, "algorithm")); + + dns_fixedname_init(&fkeyname); keyname = dns_fixedname_name(&fkeyname); keynamestr = cfg_obj_asstring(cfg_tuple_get(key, "name")); + isc_buffer_init(&b, keynamestr, strlen(keynamestr)); + isc_buffer_add(&b, strlen(keynamestr)); + result = dns_name_fromtext(keyname, &b, dns_rootname, 0, NULL); + if (result != ISC_R_SUCCESS) { + cfg_obj_log(key, logctx, ISC_LOG_WARNING, "bad key name: %s\n", + isc_result_totext(result)); + result = ISC_R_FAILURE; + } + if (flags > 0xffff) { cfg_obj_log(key, logctx, ISC_LOG_WARNING, "flags too big: %u\n", flags); @@ -2041,17 +2052,17 @@ check_trusted_key(const cfg_obj_t *key, isc_boolean_t managed, } } - isc_buffer_init(&keydatabuf, keydata, sizeof(keydata)); + isc_buffer_init(&b, keydata, sizeof(keydata)); keystr = cfg_obj_asstring(cfg_tuple_get(key, "key")); - tresult = isc_base64_decodestring(keystr, &keydatabuf); + tresult = isc_base64_decodestring(keystr, &b); if (tresult != ISC_R_SUCCESS) { cfg_obj_log(key, logctx, ISC_LOG_ERROR, "%s", isc_result_totext(tresult)); result = ISC_R_FAILURE; } else { - isc_buffer_usedregion(&keydatabuf, &r); + isc_buffer_usedregion(&b, &r); if ((alg == DST_ALG_RSASHA1 || alg == DST_ALG_RSAMD5) && r.length > 1 && r.base[0] == 1 && r.base[1] == 3) @@ -2075,9 +2086,16 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, isc_symtab_t *symtab = NULL; isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult = ISC_R_SUCCESS; - cfg_aclconfctx_t actx; + cfg_aclconfctx_t *actx = NULL; const cfg_obj_t *obj; + const cfg_obj_t *options = NULL; isc_boolean_t enablednssec, enablevalidation; + const char *valstr = "no"; + + /* + * Get global options block + */ + (void)cfg_map_get(config, "options", &options); /* * Check that all zone statements are syntactically correct and @@ -2088,7 +2106,7 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, if (tresult != ISC_R_SUCCESS) return (ISC_R_NOMEMORY); - cfg_aclconfctx_init(&actx); + cfg_aclconfctx_create(mctx, &actx); if (voptions != NULL) (void)cfg_map_get(voptions, "zone", &zones); @@ -2103,7 +2121,7 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, const cfg_obj_t *zone = cfg_listelt_value(element); tresult = check_zoneconf(zone, voptions, config, symtab, - vclass, &actx, logctx, mctx); + vclass, actx, logctx, mctx); if (tresult != ISC_R_SUCCESS) result = ISC_R_FAILURE; } @@ -2114,8 +2132,6 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, * Check that forwarding is reasonable. */ if (voptions == NULL) { - const cfg_obj_t *options = NULL; - (void)cfg_map_get(config, "options", &options); if (options != NULL) if (check_forward(options, NULL, logctx) != ISC_R_SUCCESS) @@ -2129,8 +2145,6 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, * Check that dual-stack-servers is reasonable. */ if (voptions == NULL) { - const cfg_obj_t *options = NULL; - (void)cfg_map_get(config, "options", &options); if (options != NULL) if (check_dual_stack(options, logctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; @@ -2191,8 +2205,8 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, obj = NULL; if (voptions != NULL) (void)cfg_map_get(voptions, "dnssec-enable", &obj); - if (obj == NULL) - (void)cfg_map_get(config, "dnssec-enable", &obj); + if (obj == NULL && options != NULL) + (void)cfg_map_get(options, "dnssec-enable", &obj); if (obj == NULL) enablednssec = ISC_TRUE; else @@ -2201,16 +2215,23 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, obj = NULL; if (voptions != NULL) (void)cfg_map_get(voptions, "dnssec-validation", &obj); - if (obj == NULL) - (void)cfg_map_get(config, "dnssec-validation", &obj); - if (obj == NULL) - enablevalidation = ISC_FALSE; /* XXXMPA Change for 9.5. */ - else + if (obj == NULL && options != NULL) + (void)cfg_map_get(options, "dnssec-validation", &obj); + if (obj == NULL) { + enablevalidation = enablednssec; + valstr = "yes"; + } else if (cfg_obj_isboolean(obj)) { enablevalidation = cfg_obj_asboolean(obj); + valstr = enablevalidation ? "yes" : "no"; + } else { + enablevalidation = ISC_TRUE; + valstr = "auto"; + } if (enablevalidation && !enablednssec) cfg_obj_log(obj, logctx, ISC_LOG_WARNING, - "'dnssec-validation yes;' and 'dnssec-enable no;'"); + "'dnssec-validation %s;' and 'dnssec-enable no;'", + valstr); /* * Check trusted-keys and managed-keys. @@ -2266,25 +2287,25 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, if (tresult != ISC_R_SUCCESS) result = tresult; - tresult = check_viewacls(&actx, voptions, config, logctx, mctx); + tresult = check_viewacls(actx, voptions, config, logctx, mctx); if (tresult != ISC_R_SUCCESS) result = tresult; - tresult = check_recursionacls(&actx, voptions, viewname, + tresult = check_recursionacls(actx, voptions, viewname, config, logctx, mctx); if (tresult != ISC_R_SUCCESS) result = tresult; - tresult = check_filteraaaa(&actx, voptions, viewname, config, + tresult = check_filteraaaa(actx, voptions, viewname, config, logctx, mctx); if (tresult != ISC_R_SUCCESS) result = tresult; - tresult = check_dns64(&actx, voptions, config, logctx, mctx); + tresult = check_dns64(actx, voptions, config, logctx, mctx); if (tresult != ISC_R_SUCCESS) result = tresult; - cfg_aclconfctx_clear(&actx); + cfg_aclconfctx_detach(&actx); return (result); } @@ -2441,7 +2462,7 @@ bind9_check_controls(const cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) { isc_result_t result = ISC_R_SUCCESS, tresult; - cfg_aclconfctx_t actx; + cfg_aclconfctx_t *actx = NULL; const cfg_listelt_t *element, *element2; const cfg_obj_t *allow; const cfg_obj_t *control; @@ -2462,7 +2483,7 @@ bind9_check_controls(const cfg_obj_t *config, isc_log_t *logctx, (void)cfg_map_get(config, "key", &keylist); - cfg_aclconfctx_init(&actx); + cfg_aclconfctx_create(mctx, &actx); /* * INET: Check allow clause. @@ -2482,7 +2503,7 @@ bind9_check_controls(const cfg_obj_t *config, isc_log_t *logctx, control = cfg_listelt_value(element2); allow = cfg_tuple_get(control, "allow"); tresult = cfg_acl_fromconfig(allow, config, logctx, - &actx, mctx, 0, &acl); + actx, mctx, 0, &acl); if (acl != NULL) dns_acl_detach(&acl); if (tresult != ISC_R_SUCCESS) @@ -2529,7 +2550,7 @@ bind9_check_controls(const cfg_obj_t *config, isc_log_t *logctx, result = tresult; } } - cfg_aclconfctx_clear(&actx); + cfg_aclconfctx_detach(&actx); return (result); } diff --git a/lib/dns/Makefile.in b/lib/dns/Makefile.in index 45c5c2a..5bbf793 100644 --- a/lib/dns/Makefile.in +++ b/lib/dns/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.176 2011-01-13 01:59:27 marka Exp $ +# $Id: Makefile.in,v 1.176.8.2 2011-03-10 04:29:17 each Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -97,11 +97,13 @@ DNSSRCS = acache.c acl.c adb.c byaddr.c \ stats.c tcpmsg.c time.c timer.c tkey.c \ tsec.c tsig.c ttl.c validator.c \ version.c view.c xfrin.c zone.c zonekey.c zt.c ${OTHERSRCS} + SRCS = ${DSTSRCS} ${DNSSRCS} -SUBDIRS = include +SUBDIRS = include TARGETS = include/dns/enumtype.h include/dns/enumclass.h \ include/dns/rdatastruct.h timestamp +TESTDIRS = @UNITTESTS@ DEPENDEXTRA = ./gen -F include/dns/rdatastruct.h \ -s ${srcdir} -d >> Makefile ; diff --git a/lib/dns/acl.c b/lib/dns/acl.c index 118e394..9880216 100644 --- a/lib/dns/acl.c +++ b/lib/dns/acl.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: acl.c,v 1.53 2009-01-17 23:47:42 tbox Exp $ */ +/* $Id: acl.c,v 1.53.426.2 2011-06-17 23:47:11 tbox Exp $ */ /*! \file */ @@ -99,6 +99,7 @@ static isc_result_t dns_acl_anyornone(isc_mem_t *mctx, isc_boolean_t neg, dns_acl_t **target) { isc_result_t result; dns_acl_t *acl = NULL; + result = dns_acl_create(mctx, 0, &acl); if (result != ISC_R_SUCCESS) return (result); @@ -341,7 +342,6 @@ dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, isc_boolean_t pos) } } - /* * Merge the iptables. Make sure the destination ACL's * node_count value is set correctly afterward. @@ -439,6 +439,7 @@ dns_aclelement_match(const isc_netaddr_t *reqaddr, void dns_acl_attach(dns_acl_t *source, dns_acl_t **target) { REQUIRE(DNS_ACL_VALID(source)); + isc_refcount_increment(&source->refcount, NULL); *target = source; } @@ -446,6 +447,9 @@ dns_acl_attach(dns_acl_t *source, dns_acl_t **target) { static void destroy(dns_acl_t *dacl) { unsigned int i; + + INSIST(!ISC_LINK_LINKED(dacl, nextincache)); + for (i = 0; i < dacl->length; i++) { dns_aclelement_t *de = &dacl->elements[i]; if (de->type == dns_aclelementtype_keyname) { @@ -470,7 +474,9 @@ void dns_acl_detach(dns_acl_t **aclp) { dns_acl_t *acl = *aclp; unsigned int refs; + REQUIRE(DNS_ACL_VALID(acl)); + isc_refcount_decrement(&acl->refcount, &refs); if (refs == 0) destroy(acl); @@ -590,6 +596,7 @@ dns_acl_isinsecure(const dns_acl_t *a) { isc_result_t dns_aclenv_init(isc_mem_t *mctx, dns_aclenv_t *env) { isc_result_t result; + env->localhost = NULL; env->localnets = NULL; result = dns_acl_create(mctx, 0, &env->localhost); diff --git a/lib/dns/adb.c b/lib/dns/adb.c index fcc2dd8..ba89654 100644 --- a/lib/dns/adb.c +++ b/lib/dns/adb.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: adb.c,v 1.254 2010-12-21 23:47:08 tbox Exp $ */ +/* $Id: adb.c,v 1.254.14.4 2011-03-13 03:36:47 marka Exp $ */ /*! \file * @@ -910,6 +910,8 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset, if (rdataset->trust == dns_trust_glue || rdataset->trust == dns_trust_additional) rdataset->ttl = ADB_CACHE_MINIMUM; + else if (rdataset->trust == dns_trust_ultimate) + rdataset->ttl = 0; else rdataset->ttl = ttlclamp(rdataset->ttl); @@ -2195,7 +2197,6 @@ check_expire_name(dns_adbname_t **namep, isc_stdtime_t now) { static void check_stale_name(dns_adb_t *adb, int bucket, isc_stdtime_t now) { int victims, max_victims; - isc_boolean_t result; dns_adbname_t *victim, *next_victim; isc_boolean_t overmem = isc_mem_isovermem(adb->mctx); int scans = 0; @@ -2217,7 +2218,7 @@ check_stale_name(dns_adb_t *adb, int bucket, isc_stdtime_t now) { INSIST(!NAME_DEAD(victim)); scans++; next_victim = ISC_LIST_PREV(victim, plink); - result = check_expire_name(&victim, now); + (void)check_expire_name(&victim, now); if (victim == NULL) { victims++; goto next; @@ -2762,6 +2763,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, REQUIRE((options & DNS_ADBFIND_ADDRESSMASK) != 0); result = ISC_R_UNEXPECTED; + POST(result); wanted_addresses = (options & DNS_ADBFIND_ADDRESSMASK); wanted_fetches = 0; query_pending = 0; @@ -2813,6 +2815,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, */ bucket = DNS_ADB_INVALIDBUCKET; adbname = find_name_and_lock(adb, name, find->options, &bucket); + INSIST(bucket != DNS_ADB_INVALIDBUCKET); if (adb->name_sd[bucket]) { DP(DEF_LEVEL, "dns_adb_createfind: returning ISC_R_SHUTTINGDOWN"); @@ -3167,6 +3170,7 @@ dns_adb_cancelfind(dns_adbfind_t *find) { } UNLOCK(&adb->namelocks[unlock_bucket]); bucket = DNS_ADB_INVALIDBUCKET; + POST(bucket); cleanup: @@ -3945,6 +3949,7 @@ dns_adb_findaddrinfo(dns_adb_t *adb, isc_sockaddr_t *sa, result = ISC_R_SUCCESS; bucket = DNS_ADB_INVALIDBUCKET; entry = find_entry_and_lock(adb, sa, &bucket, now); + INSIST(bucket != DNS_ADB_INVALIDBUCKET); if (adb->entry_sd[bucket]) { result = ISC_R_SHUTTINGDOWN; goto unlock; diff --git a/lib/dns/api b/lib/dns/api index 9bac060..d724b61 100644 --- a/lib/dns/api +++ b/lib/dns/api @@ -1,3 +1,3 @@ -LIBINTERFACE = 82 -LIBREVISION = 3 -LIBAGE = 1 +LIBINTERFACE = 84 +LIBREVISION = 1 +LIBAGE = 3 diff --git a/lib/dns/cache.c b/lib/dns/cache.c index bf93da2..eb32c6c 100644 --- a/lib/dns/cache.c +++ b/lib/dns/cache.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cache.c,v 1.87 2009-11-12 23:43:02 each Exp $ */ +/* $Id: cache.c,v 1.87.262.2 2011-03-03 23:47:09 tbox Exp $ */ /*! \file */ @@ -40,6 +40,8 @@ #include <dns/rdatasetiter.h> #include <dns/result.h> +#include "rbtdb.h" + #define CACHE_MAGIC ISC_MAGIC('$', '$', '$', '$') #define VALID_CACHE(cache) ISC_MAGIC_VALID(cache, CACHE_MAGIC) @@ -121,7 +123,8 @@ struct dns_cache { unsigned int magic; isc_mutex_t lock; isc_mutex_t filelock; - isc_mem_t *mctx; + isc_mem_t *mctx; /* Main cache memory */ + isc_mem_t *hmctx; /* Heap memory */ char *name; /* Locked by 'lock'. */ @@ -168,41 +171,54 @@ cache_create_db(dns_cache_t *cache, dns_db_t **db) { } isc_result_t -dns_cache_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, +dns_cache_create(isc_mem_t *cmctx, isc_taskmgr_t *taskmgr, isc_timermgr_t *timermgr, dns_rdataclass_t rdclass, const char *db_type, unsigned int db_argc, char **db_argv, dns_cache_t **cachep) { - return (dns_cache_create2(mctx, taskmgr, timermgr, rdclass, "", + return (dns_cache_create3(cmctx, cmctx, taskmgr, timermgr, rdclass, "", db_type, db_argc, db_argv, cachep)); } isc_result_t -dns_cache_create2(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, +dns_cache_create2(isc_mem_t *cmctx, isc_taskmgr_t *taskmgr, + isc_timermgr_t *timermgr, dns_rdataclass_t rdclass, + const char *cachename, const char *db_type, + unsigned int db_argc, char **db_argv, dns_cache_t **cachep) +{ + return (dns_cache_create3(cmctx, cmctx, taskmgr, timermgr, rdclass, + cachename, db_type, db_argc, db_argv, + cachep)); +} + +isc_result_t +dns_cache_create3(isc_mem_t *cmctx, isc_mem_t *hmctx, isc_taskmgr_t *taskmgr, isc_timermgr_t *timermgr, dns_rdataclass_t rdclass, const char *cachename, const char *db_type, unsigned int db_argc, char **db_argv, dns_cache_t **cachep) { isc_result_t result; dns_cache_t *cache; - int i; + int i, extra = 0; isc_task_t *dbtask; REQUIRE(cachep != NULL); REQUIRE(*cachep == NULL); - REQUIRE(mctx != NULL); + REQUIRE(cmctx != NULL); + REQUIRE(hmctx != NULL); REQUIRE(cachename != NULL); - cache = isc_mem_get(mctx, sizeof(*cache)); + cache = isc_mem_get(cmctx, sizeof(*cache)); if (cache == NULL) return (ISC_R_NOMEMORY); - cache->mctx = NULL; - isc_mem_attach(mctx, &cache->mctx); + cache->mctx = cache->hmctx = NULL; + isc_mem_attach(cmctx, &cache->mctx); + isc_mem_attach(hmctx, &cache->hmctx); cache->name = NULL; if (cachename != NULL) { - cache->name = isc_mem_strdup(mctx, cachename); + cache->name = isc_mem_strdup(cmctx, cachename); if (cache->name == NULL) { result = ISC_R_NOMEMORY; goto cleanup_mem; @@ -221,26 +237,38 @@ dns_cache_create2(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, cache->live_tasks = 0; cache->rdclass = rdclass; - cache->db_type = isc_mem_strdup(mctx, db_type); + cache->db_type = isc_mem_strdup(cmctx, db_type); if (cache->db_type == NULL) { result = ISC_R_NOMEMORY; goto cleanup_filelock; } - cache->db_argc = db_argc; - if (cache->db_argc == 0) - cache->db_argv = NULL; - else { - cache->db_argv = isc_mem_get(mctx, + /* + * For databases of type "rbt" we pass hmctx to dns_db_create() + * via cache->db_argv, followed by the rest of the arguments in + * db_argv (of which there really shouldn't be any). + */ + if (strcmp(cache->db_type, "rbt") == 0) + extra = 1; + + cache->db_argc = db_argc + extra; + cache->db_argv = NULL; + + if (cache->db_argc != 0) { + cache->db_argv = isc_mem_get(cmctx, cache->db_argc * sizeof(char *)); if (cache->db_argv == NULL) { result = ISC_R_NOMEMORY; goto cleanup_dbtype; } + for (i = 0; i < cache->db_argc; i++) cache->db_argv[i] = NULL; - for (i = 0; i < cache->db_argc; i++) { - cache->db_argv[i] = isc_mem_strdup(mctx, db_argv[i]); + + cache->db_argv[0] = (char *) hmctx; + for (i = extra; i < cache->db_argc; i++) { + cache->db_argv[i] = isc_mem_strdup(cmctx, + db_argv[i - extra]); if (cache->db_argv[i] == NULL) { result = ISC_R_NOMEMORY; goto cleanup_dbargv; @@ -248,6 +276,9 @@ dns_cache_create2(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, } } + /* + * Create the database + */ cache->db = NULL; result = cache_create_db(cache, &cache->db); if (result != ISC_R_SUCCESS) @@ -284,29 +315,28 @@ dns_cache_create2(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, cleanup_db: dns_db_detach(&cache->db); cleanup_dbargv: - for (i = 0; i < cache->db_argc; i++) + for (i = extra; i < cache->db_argc; i++) if (cache->db_argv[i] != NULL) - isc_mem_free(mctx, cache->db_argv[i]); + isc_mem_free(cmctx, cache->db_argv[i]); if (cache->db_argv != NULL) - isc_mem_put(mctx, cache->db_argv, + isc_mem_put(cmctx, cache->db_argv, cache->db_argc * sizeof(char *)); cleanup_dbtype: - isc_mem_free(mctx, cache->db_type); + isc_mem_free(cmctx, cache->db_type); cleanup_filelock: DESTROYLOCK(&cache->filelock); cleanup_lock: DESTROYLOCK(&cache->lock); cleanup_mem: if (cache->name != NULL) - isc_mem_free(mctx, cache->name); - isc_mem_put(mctx, cache, sizeof(*cache)); - isc_mem_detach(&mctx); + isc_mem_free(cmctx, cache->name); + isc_mem_detach(&cache->hmctx); + isc_mem_putanddetach(&cache->mctx, cache, sizeof(*cache)); return (result); } static void cache_free(dns_cache_t *cache) { - isc_mem_t *mctx; int i; REQUIRE(VALID_CACHE(cache)); @@ -337,7 +367,14 @@ cache_free(dns_cache_t *cache) { dns_db_detach(&cache->db); if (cache->db_argv != NULL) { - for (i = 0; i < cache->db_argc; i++) + /* + * We don't free db_argv[0] in "rbt" cache databases + * as it's a pointer to hmctx + */ + int extra = 0; + if (strcmp(cache->db_type, "rbt") == 0) + extra = 1; + for (i = extra; i < cache->db_argc; i++) if (cache->db_argv[i] != NULL) isc_mem_free(cache->mctx, cache->db_argv[i]); isc_mem_put(cache->mctx, cache->db_argv, @@ -352,10 +389,10 @@ cache_free(dns_cache_t *cache) { DESTROYLOCK(&cache->lock); DESTROYLOCK(&cache->filelock); + cache->magic = 0; - mctx = cache->mctx; - isc_mem_put(cache->mctx, cache, sizeof(*cache)); - isc_mem_detach(&mctx); + isc_mem_detach(&cache->hmctx); + isc_mem_putanddetach(&cache->mctx, cache, sizeof(*cache)); } diff --git a/lib/dns/client.c b/lib/dns/client.c index e55ea1f..77a419e 100644 --- a/lib/dns/client.c +++ b/lib/dns/client.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.12 2010-12-03 12:03:22 marka Exp $ */ +/* $Id: client.c,v 1.12.24.2 2011-03-12 04:59:16 tbox Exp $ */ #include <config.h> @@ -721,7 +721,7 @@ view_find(resctx_t *rctx, dns_db_t **dbp, dns_dbnode_t **nodep, static void client_resfind(resctx_t *rctx, dns_fetchevent_t *event) { isc_mem_t *mctx; - isc_result_t result, tresult; + isc_result_t tresult, result = ISC_R_SUCCESS; isc_result_t vresult = ISC_R_SUCCESS; isc_boolean_t want_restart; isc_boolean_t send_event = ISC_FALSE; @@ -741,7 +741,6 @@ client_resfind(resctx_t *rctx, dns_fetchevent_t *event) { mctx = rctx->view->mctx; - result = ISC_R_SUCCESS; name = dns_fixedname_name(&rctx->name); do { @@ -782,6 +781,7 @@ client_resfind(resctx_t *rctx, dns_fetchevent_t *event) { goto done; } } else { + INSIST(event != NULL); INSIST(event->fetch == rctx->fetch); dns_resolver_destroyfetch(&rctx->fetch); db = event->db; @@ -965,6 +965,7 @@ client_resfind(resctx_t *rctx, dns_fetchevent_t *event) { &rctx->rdataset); if (tresult != ISC_R_SUCCESS) { result = tresult; + POST(result); break; } } @@ -976,6 +977,7 @@ client_resfind(resctx_t *rctx, dns_fetchevent_t *event) { * implementation). */ result = DNS_R_SERVFAIL; /* better code? */ + POST(result); } else { ISC_LIST_APPEND(rctx->namelist, ansname, link); ansname = NULL; @@ -2131,6 +2133,7 @@ receive_soa(isc_task_t *task, isc_event_t *event) { reqev = (dns_requestevent_t *)event; request = reqev->request; result = eresult = reqev->result; + POST(result); uctx = reqev->ev_arg; client = uctx->client; soaquery = uctx->soaquery; @@ -2177,6 +2180,7 @@ receive_soa(isc_task_t *task, isc_event_t *event) { } section = DNS_SECTION_ANSWER; + POST(section); if (rcvmsg->rcode != dns_rcode_noerror && rcvmsg->rcode != dns_rcode_nxdomain) { diff --git a/lib/dns/diff.c b/lib/dns/diff.c index 3dbb5cf..a2c99c1 100644 --- a/lib/dns/diff.c +++ b/lib/dns/diff.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: diff.c,v 1.23 2009-12-01 00:47:09 each Exp $ */ +/* $Id: diff.c,v 1.23.248.3 2011-03-25 23:53:52 each Exp $ */ /*! \file */ @@ -264,7 +264,6 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver, dns_rdataset_t rds; dns_rdataset_t ardataset; dns_rdataset_t *modified = NULL; - isc_boolean_t offline; op = t->op; type = t->rdata.type; @@ -301,7 +300,6 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver, CHECK(dns_db_findnsec3node(db, name, ISC_TRUE, &node)); - offline = ISC_FALSE; while (t != NULL && dns_name_equal(&t->name, name) && t->op == op && @@ -323,8 +321,6 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver, namebuf, typebuf, classbuf, (unsigned long) t->ttl, (unsigned long) rdl.ttl); - if (t->rdata.flags & DNS_RDATA_OFFLINE) - offline = ISC_TRUE; ISC_LIST_APPEND(rdl.rdata, &t->rdata, link); t = ISC_LIST_NEXT(t, link); } @@ -377,6 +373,15 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver, diff->resign); dns_db_setsigningtime(db, modified, resign); + if (diff->resign == 0 && + (op == DNS_DIFFOP_ADDRESIGN || + op == DNS_DIFFOP_DELRESIGN)) + isc_log_write( + DIFF_COMMON_LOGARGS, + ISC_LOG_WARNING, + "resign requested " + "with 0 resign " + "interval"); } } else if (result == DNS_R_UNCHANGED) { /* @@ -528,7 +533,6 @@ dns_diff_sort(dns_diff_t *diff, dns_diff_compare_func *compare) { v = isc_mem_get(diff->mctx, length * sizeof(dns_difftuple_t *)); if (v == NULL) return (ISC_R_NOMEMORY); - i = 0; for (i = 0; i < length; i++) { p = ISC_LIST_HEAD(diff->tuples); v[i] = p; diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index c074911..486965e 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.168.248.1.2.1 2011-06-02 23:47:34 tbox Exp $ */ +/* $Id: dispatch.c,v 1.168.248.4 2011-04-06 10:30:08 marka Exp $ */ /*! \file */ @@ -913,6 +913,12 @@ get_dispsocket(dns_dispatch_t *disp, isc_sockaddr_t *dest, } portentry->refs++; break; + } else if (result == ISC_R_NOPERM) { + char buf[ISC_SOCKADDR_FORMATSIZE]; + isc_sockaddr_format(&localaddr, buf, sizeof(buf)); + dispatch_log(disp, ISC_LOG_WARNING, + "open_socket(%s) -> %s: continuing", + buf, isc_result_totext(result)); } else if (result != ISC_R_ADDRINUSE) break; } @@ -1295,7 +1301,6 @@ udp_recv(isc_event_t *ev_in, dns_dispatch_t *disp, dispsocket_t *dispsock) { * Look at flags. If query, drop it. If response, * look to see where it goes. */ - queue_response = ISC_FALSE; if ((flags & DNS_MESSAGEFLAG_QR) == 0) { /* query */ free_buffer(disp, ev->region.base, ev->region.length); @@ -1554,7 +1559,6 @@ tcp_recv(isc_task_t *task, isc_event_t *ev_in) { * Look at flags. If query, drop it. If response, * look to see where it goes. */ - queue_response = ISC_FALSE; if ((flags & DNS_MESSAGEFLAG_QR) == 0) { /* * Query. @@ -2373,9 +2377,9 @@ qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets, qid->sock_table = isc_mem_get(mgr->mctx, buckets * sizeof(dispsocketlist_t)); if (qid->sock_table == NULL) { - isc_mem_put(mgr->mctx, qid, sizeof(*qid)); isc_mem_put(mgr->mctx, qid->qid_table, buckets * sizeof(dns_displist_t)); + isc_mem_put(mgr->mctx, qid, sizeof(*qid)); return (ISC_R_NOMEMORY); } } @@ -2985,7 +2989,6 @@ dns_dispatch_detach(dns_dispatch_t **dispp) { INSIST(disp->refcount > 0); disp->refcount--; - killit = ISC_FALSE; if (disp->refcount == 0) { if (disp->recv_pending > 0) isc_socket_cancel(disp->socket, disp->task[0], @@ -3258,7 +3261,6 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp, disp->requests--; INSIST(disp->refcount > 0); disp->refcount--; - killit = ISC_FALSE; if (disp->refcount == 0) { if (disp->recv_pending > 0) isc_socket_cancel(disp->socket, disp->task[0], diff --git a/lib/dns/dlz.c b/lib/dns/dlz.c index 5a508e9..e69fc69 100644 --- a/lib/dns/dlz.c +++ b/lib/dns/dlz.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2005, 2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2005, 2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -50,7 +50,7 @@ * USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dlz.c,v 1.10 2010-12-20 23:47:20 tbox Exp $ */ +/* $Id: dlz.c,v 1.10.14.2 2011-03-12 04:59:16 tbox Exp $ */ /*! \file */ @@ -535,7 +535,6 @@ dns_dlz_writeablezone(dns_view_t *view, const char *zone_name) { isc_buffer_t buffer; dns_fixedname_t fixorigin; dns_name_t *origin; - dns_rdataclass_t zclass; dns_dlzdb_t *dlzdatabase; REQUIRE(DNS_DLZ_VALID(view->dlzdatabase)); @@ -553,8 +552,6 @@ dns_dlz_writeablezone(dns_view_t *view, const char *zone_name) { goto cleanup; origin = dns_fixedname_name(&fixorigin); - zclass = view->rdclass; - /* See if the zone already exists */ result = dns_view_findzone(view, origin, &dupzone); if (result == ISC_R_SUCCESS) { @@ -593,8 +590,6 @@ dns_dlz_writeablezone(dns_view_t *view, const char *zone_name) { */ result = dns_view_addzone(view, zone); - result = ISC_R_SUCCESS; - cleanup: if (zone != NULL) dns_zone_detach(&zone); diff --git a/lib/dns/dns64.c b/lib/dns/dns64.c index 180c0a9..b2b4138 100644 --- a/lib/dns/dns64.c +++ b/lib/dns/dns64.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dns64.c,v 1.6 2010-12-09 04:59:09 marka Exp $ */ +/* $Id: dns64.c,v 1.6.22.2 2011-03-12 04:59:16 tbox Exp $ */ #include <config.h> @@ -253,6 +253,8 @@ dns_dns64_aaaaok(const dns_dns64_t *dns64, const isc_netaddr_t *reqaddr, */ if (dns64->excluded == NULL) { answer = ISC_TRUE; + if (aaaaok == NULL) + goto done; for (i = 0; i < aaaaoklen; i++) aaaaok[i] = ISC_TRUE; goto done; diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c index dc249b7..6dc42a0 100644 --- a/lib/dns/dnssec.c +++ b/lib/dns/dnssec.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -16,7 +16,7 @@ */ /* - * $Id: dnssec.c,v 1.119 2010-01-13 23:48:59 tbox Exp $ + * $Id: dnssec.c,v 1.119.170.4 2011-05-06 21:07:50 each Exp $ */ /*! \file */ @@ -543,9 +543,9 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key, } static isc_boolean_t -key_active(dst_key_t *key) { +key_active(dst_key_t *key, isc_stdtime_t now) { isc_result_t result; - isc_stdtime_t now, publish, active, revoke, inactive, delete; + isc_stdtime_t publish, active, revoke, inactive, delete; isc_boolean_t pubset = ISC_FALSE, actset = ISC_FALSE; isc_boolean_t revset = ISC_FALSE, inactset = ISC_FALSE; isc_boolean_t delset = ISC_FALSE; @@ -553,6 +553,7 @@ key_active(dst_key_t *key) { /* Is this an old-style key? */ result = dst_key_getprivateformat(key, &major, &minor); + RUNTIME_CHECK(result == ISC_R_SUCCESS); /* * Smart signing started with key format 1.3; prior to that, all @@ -561,8 +562,6 @@ key_active(dst_key_t *key) { if (major == 1 && minor <= 2) return (ISC_TRUE); - isc_stdtime_get(&now); - result = dst_key_gettime(key, DST_TIME_PUBLISH, &publish); if (result == ISC_R_SUCCESS) pubset = ISC_TRUE; @@ -610,10 +609,13 @@ dns_dnssec_findzonekeys2(dns_db_t *db, dns_dbversion_t *ver, isc_result_t result; dst_key_t *pubkey = NULL; unsigned int count = 0; + isc_stdtime_t now; REQUIRE(nkeys != NULL); REQUIRE(keys != NULL); + isc_stdtime_get(&now); + *nkeys = 0; dns_rdataset_init(&rdataset); RETERR(dns_db_findrdataset(db, node, ver, dns_rdatatype_dnskey, 0, 0, @@ -692,7 +694,7 @@ dns_dnssec_findzonekeys2(dns_db_t *db, dns_dbversion_t *ver, /* * If a key is marked inactive, skip it */ - if (!key_active(keys[count])) { + if (!key_active(keys[count], now)) { dst_key_free(&keys[count]); keys[count] = pubkey; pubkey = NULL; @@ -1016,13 +1018,6 @@ dns_dnssec_selfsigns(dns_rdata_t *rdata, dns_name_t *name, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset, isc_boolean_t ignoretime, isc_mem_t *mctx) { - dst_key_t *dstkey = NULL; - dns_keytag_t keytag; - dns_rdata_dnskey_t key; - dns_rdata_rrsig_t sig; - dns_rdata_t sigrdata = DNS_RDATA_INIT; - isc_result_t result; - INSIST(rdataset->type == dns_rdatatype_key || rdataset->type == dns_rdatatype_dnskey); if (rdataset->type == dns_rdatatype_key) { @@ -1033,6 +1028,27 @@ dns_dnssec_selfsigns(dns_rdata_t *rdata, dns_name_t *name, INSIST(sigrdataset->covers == dns_rdatatype_dnskey); } + return (dns_dnssec_signs(rdata, name, rdataset, sigrdataset, + ignoretime, mctx)); + +} + +isc_boolean_t +dns_dnssec_signs(dns_rdata_t *rdata, dns_name_t *name, + dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset, + isc_boolean_t ignoretime, isc_mem_t *mctx) +{ + dst_key_t *dstkey = NULL; + dns_keytag_t keytag; + dns_rdata_dnskey_t key; + dns_rdata_rrsig_t sig; + dns_rdata_t sigrdata = DNS_RDATA_INIT; + isc_result_t result; + + INSIST(sigrdataset->type == dns_rdatatype_rrsig); + if (sigrdataset->covers != rdataset->type) + return (ISC_FALSE); + result = dns_dnssec_keyfromrdata(name, rdata, mctx, &dstkey); if (result != ISC_R_SUCCESS) return (ISC_FALSE); @@ -1095,6 +1111,7 @@ dns_dnsseckey_create(isc_mem_t *mctx, dst_key_t **dstkey, /* Is this an old-style key? */ result = dst_key_getprivateformat(dk->key, &major, &minor); + INSIST(result == ISC_R_SUCCESS); /* Smart signing started with key format 1.3 */ dk->legacy = ISC_TF(major == 1 && minor <= 2); @@ -1673,9 +1690,6 @@ dns_dnssec_updatekeys(dns_dnsseckeylist_t *keys, dns_dnsseckeylist_t *newkeys, /* No match found in keys; add the new key. */ if (key2 == NULL) { - dns_dnsseckey_t *next; - - next = ISC_LIST_NEXT(key1, link); ISC_LIST_UNLINK(*newkeys, key1, link); ISC_LIST_APPEND(*keys, key1, link); diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c index 1ece312..4a06486 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c @@ -31,7 +31,7 @@ /* * Principal Author: Brian Wellington - * $Id: dst_api.c,v 1.57 2011-01-11 23:47:13 tbox Exp $ + * $Id: dst_api.c,v 1.57.10.1 2011-03-21 19:53:34 each Exp $ */ /*! \file */ @@ -1778,5 +1778,6 @@ dst__entropy_status(void) { isc_buffer_t * dst_key_tkeytoken(const dst_key_t *key) { + REQUIRE(VALID_KEY(key)); return (key->key_tkeytoken); } diff --git a/lib/dns/dst_openssl.h b/lib/dns/dst_openssl.h index 781085b..0fbb1e4 100644 --- a/lib/dns/dst_openssl.h +++ b/lib/dns/dst_openssl.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dst_openssl.h,v 1.9 2009-10-06 04:40:14 tbox Exp $ */ +/* $Id: dst_openssl.h,v 1.9.302.2 2011-03-12 04:59:16 tbox Exp $ */ #ifndef DST_OPENSSL_H #define DST_OPENSSL_H 1 @@ -23,13 +23,28 @@ #include <isc/lang.h> #include <isc/result.h> +#include <openssl/err.h> +#include <openssl/rand.h> +#include <openssl/evp.h> +#include <openssl/conf.h> +#include <openssl/crypto.h> + +#if !defined(OPENSSL_NO_ENGINE) && defined(CRYPTO_LOCK_ENGINE) && \ + (OPENSSL_VERSION_NUMBER >= 0x0090707f) +#define USE_ENGINE 1 +#endif + ISC_LANG_BEGINDECLS isc_result_t dst__openssl_toresult(isc_result_t fallback); +#ifdef USE_ENGINE ENGINE * dst__openssl_getengine(const char *engine); +#else +#define dst__openssl_getengine(x) NULL +#endif ISC_LANG_ENDDECLS diff --git a/lib/dns/gssapi_link.c b/lib/dns/gssapi_link.c index e14d0eb..c443fcb 100644 --- a/lib/dns/gssapi_link.c +++ b/lib/dns/gssapi_link.c @@ -16,7 +16,7 @@ */ /* - * $Id: gssapi_link.c,v 1.16 2011-01-11 23:47:13 tbox Exp $ + * $Id: gssapi_link.c,v 1.16.10.1 2011-03-28 05:36:05 marka Exp $ */ #include <config.h> @@ -181,7 +181,7 @@ gssapi_sign(dst_context_t *dctx, isc_buffer_t *sig) { * allocated space. */ isc_buffer_putmem(sig, gsig.value, gsig.length); - if (gsig.length != 0) + if (gsig.length != 0U) gss_release_buffer(&minor, &gsig); return (ISC_R_SUCCESS); @@ -293,7 +293,7 @@ gssapi_restore(dst_key_t *key, const char *keystr) { isc_result_t result; len = strlen(keystr); - if ((len % 4) != 0) + if ((len % 4) != 0U) return (ISC_R_BADBASE64); len = (len / 4) * 3; @@ -338,7 +338,7 @@ gssapi_dump(dst_key_t *key, isc_mem_t *mctx, char **buffer, int *length) { major, minor); return (ISC_R_FAILURE); } - if (gssbuffer.length == 0) + if (gssbuffer.length == 0U) return (ISC_R_FAILURE); len = ((gssbuffer.length + 2)/3) * 4; buf = isc_mem_get(mctx, len); diff --git a/lib/dns/gssapictx.c b/lib/dns/gssapictx.c index 707745c..24f4b9c 100644 --- a/lib/dns/gssapictx.c +++ b/lib/dns/gssapictx.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: gssapictx.c,v 1.26 2011-01-10 03:49:49 marka Exp $ */ +/* $Id: gssapictx.c,v 1.26.12.2 2011-04-07 23:05:01 marka Exp $ */ #include <config.h> @@ -179,7 +179,7 @@ log_cred(const gss_cred_id_t cred) { } if (gret == GSS_S_COMPLETE) { - if (gbuffer.length != 0) { + if (gbuffer.length != 0U) { gret = gss_release_buffer(&minor, &gbuffer); if (gret != GSS_S_COMPLETE) gss_log(3, "failed gss_release_buffer: %s", @@ -604,7 +604,7 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken, /* * RFC 2744 states the a valid output token has a non-zero length. */ - if (gouttoken.length != 0) { + if (gouttoken.length != 0U) { GBUFFER_TO_REGION(gouttoken, r); RETERR(isc_buffer_copyregion(outtoken, &r)); (void)gss_release_buffer(&minor, &gouttoken); @@ -650,8 +650,6 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, REQUIRE(outtoken != NULL && *outtoken == NULL); - log_cred(cred); - REGION_TO_GBUFFER(*intoken, gintoken); if (*ctxout == NULL) @@ -687,6 +685,8 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, #endif } + log_cred(cred); + gret = gss_accept_sec_context(&minor, &context, cred, &gintoken, GSS_C_NO_CHANNEL_BINDINGS, &gname, NULL, &gouttoken, NULL, NULL, NULL); @@ -719,7 +719,7 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, return (result); } - if (gouttoken.length > 0) { + if (gouttoken.length > 0U) { RETERR(isc_buffer_allocate(mctx, outtoken, gouttoken.length)); GBUFFER_TO_REGION(gouttoken, r); RETERR(isc_buffer_copyregion(*outtoken, &r)); @@ -741,7 +741,7 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, * case, since principal names really should not * contain null characters. */ - if (gnamebuf.length > 0 && + if (gnamebuf.length > 0U && ((char *)gnamebuf.value)[gnamebuf.length - 1] == '\0') gnamebuf.length--; @@ -755,7 +755,7 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, RETERR(dns_name_fromtext(principal, &namebuf, dns_rootname, 0, NULL)); - if (gnamebuf.length != 0) { + if (gnamebuf.length != 0U) { gret = gss_release_buffer(&minor, &gnamebuf); if (gret != GSS_S_COMPLETE) gss_log(3, "failed gss_release_buffer: %s", @@ -836,9 +836,9 @@ gss_error_tostring(isc_uint32_t major, isc_uint32_t minor, snprintf(buf, buflen, "GSSAPI error: Major = %s, Minor = %s.", (char *)msg_major.value, (char *)msg_minor.value); - if (msg_major.length != 0) + if (msg_major.length != 0U) (void)gss_release_buffer(&minor_stat, &msg_major); - if (msg_minor.length != 0) + if (msg_minor.length != 0U) (void)gss_release_buffer(&minor_stat, &msg_minor); return(buf); #else diff --git a/lib/dns/include/dns/Makefile.in b/lib/dns/include/dns/Makefile.in index e13d084..3382cc9 100644 --- a/lib/dns/include/dns/Makefile.in +++ b/lib/dns/include/dns/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004, 2007-2009 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2003 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.57 2009-10-08 23:48:10 tbox Exp $ +# $Id: Makefile.in,v 1.57.296.2 2011-02-28 01:20:02 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -29,7 +29,7 @@ HEADERS = acl.h adb.h byaddr.h cache.h callbacks.h cert.h compress.h \ peer.h portlist.h private.h rbt.h rcode.h \ rdata.h rdataclass.h rdatalist.h rdataset.h rdatasetiter.h \ rdataslab.h rdatatype.h request.h resolver.h result.h \ - rootns.h sdb.h sdlz.h secalg.h secproto.h soa.h ssu.h \ + rootns.h rpz.h sdb.h sdlz.h secalg.h secproto.h soa.h ssu.h \ tcpmsg.h time.h tkey.h tsig.h ttl.h types.h \ validator.h version.h view.h xfrin.h zone.h zonekey.h zt.h diff --git a/lib/dns/include/dns/acl.h b/lib/dns/include/dns/acl.h index 04f5577..d066507 100644 --- a/lib/dns/include/dns/acl.h +++ b/lib/dns/include/dns/acl.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: acl.h,v 1.33 2009-01-17 23:47:43 tbox Exp $ */ +/* $Id: acl.h,v 1.33.426.2 2011-06-17 23:47:11 tbox Exp $ */ #ifndef DNS_ACL_H #define DNS_ACL_H 1 @@ -145,9 +145,26 @@ dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, isc_boolean_t pos); void dns_acl_attach(dns_acl_t *source, dns_acl_t **target); +/*%< + * Attach to acl 'source'. + * + * Requires: + *\li 'source' to be a valid acl. + *\li 'target' to be non NULL and '*target' to be NULL. + */ void dns_acl_detach(dns_acl_t **aclp); +/*%< + * Detach the acl. On final detach the acl must not be linked on any + * list. + * + * Requires: + *\li '*aclp' to be a valid acl. + * + * Insists: + *\li '*aclp' is not linked on final detach. + */ isc_boolean_t dns_acl_isinsecure(const dns_acl_t *a); diff --git a/lib/dns/include/dns/cache.h b/lib/dns/include/dns/cache.h index e4ea5f4..225f3bf 100644 --- a/lib/dns/include/dns/cache.h +++ b/lib/dns/include/dns/cache.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cache.h,v 1.28 2009-01-09 23:47:46 tbox Exp $ */ +/* $Id: cache.h,v 1.28.428.2 2011-03-03 23:47:09 tbox Exp $ */ #ifndef DNS_CACHE_H #define DNS_CACHE_H 1 @@ -61,23 +61,36 @@ ISC_LANG_BEGINDECLS ***/ isc_result_t -dns_cache_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, +dns_cache_create(isc_mem_t *cmctx, isc_taskmgr_t *taskmgr, isc_timermgr_t *timermgr, dns_rdataclass_t rdclass, const char *db_type, unsigned int db_argc, char **db_argv, dns_cache_t **cachep); isc_result_t -dns_cache_create2(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, +dns_cache_create2(isc_mem_t *cmctx, isc_taskmgr_t *taskmgr, + isc_timermgr_t *timermgr, dns_rdataclass_t rdclass, + const char *cachename, const char *db_type, + unsigned int db_argc, char **db_argv, dns_cache_t **cachep); +isc_result_t +dns_cache_create3(isc_mem_t *cmctx, isc_mem_t *hmctx, isc_taskmgr_t *taskmgr, isc_timermgr_t *timermgr, dns_rdataclass_t rdclass, const char *cachename, const char *db_type, unsigned int db_argc, char **db_argv, dns_cache_t **cachep); /*%< - * Create a new DNS cache. dns_cache_create2() will create a named cache. - * dns_cache_create() is a backward compatible version that internally specifies - * an empty name. + * Create a new DNS cache. + * + * dns_cache_create2() will create a named cache. + * + * dns_cache_create3() will create a named cache using two separate memory + * contexts, one for cache data which can be cleaned and a separate one for + * memory allocated for the heap (which can grow without an upper limit and + * has no mechanism for shrinking). + * + * dns_cache_create() is a backward compatible version that internally + * specifies an empty cache name and a single memory context. * * Requires: * - *\li 'mctx' is a valid memory context + *\li 'cmctx' (and 'hmctx' if applicable) is a valid memory context. * *\li 'taskmgr' is a valid task manager and 'timermgr' is a valid timer * manager, or both are NULL. If NULL, no periodic cleaning of the diff --git a/lib/dns/include/dns/db.h b/lib/dns/include/dns/db.h index edb1263..b813622 100644 --- a/lib/dns/include/dns/db.h +++ b/lib/dns/include/dns/db.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: db.h,v 1.104 2011-01-13 04:59:25 tbox Exp $ */ +/* $Id: db.h,v 1.104.8.1 2011-05-19 04:42:51 each Exp $ */ #ifndef DNS_DB_H #define DNS_DB_H 1 @@ -1441,7 +1441,9 @@ dns_db_setsigningtime(dns_db_t *db, dns_rdataset_t *rdataset, * * Requires: * \li 'db' is a valid zone database. - * \li 'rdataset' to be associated with 'db'. + * \li 'rdataset' is or is to be associated with 'db'. + * \li 'rdataset' is not pending removed from the heap via an + * uncommitted call to dns_db_resigned(). * * Returns: * \li #ISC_R_SUCCESS @@ -1472,7 +1474,9 @@ dns_db_resigned(dns_db_t *db, dns_rdataset_t *rdataset, * Mark 'rdataset' as not being available to be returned by * dns_db_getsigningtime(). If the changes associated with 'version' * are committed this will be permanent. If the version is not committed - * this change will be rolled back when the version is closed. + * this change will be rolled back when the version is closed. Until + * 'version' is either committed or rolled back, 'rdataset' can no longer + * be acted upon by dns_db_setsigningtime(). * * Requires: * \li 'db' is a valid zone database. diff --git a/lib/dns/include/dns/dlz.h b/lib/dns/include/dns/dlz.h index e04b1b1..29c2926 100644 --- a/lib/dns/include/dns/dlz.h +++ b/lib/dns/include/dns/dlz.h @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2005-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2005-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -50,7 +50,7 @@ * USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dlz.h,v 1.12 2010-12-20 23:47:21 tbox Exp $ */ +/* $Id: dlz.h,v 1.12.14.2 2011-03-17 23:47:06 tbox Exp $ */ /*! \file dns/dlz.h */ @@ -318,9 +318,9 @@ dns_dlzunregister(dns_dlzimplementation_t **dlzimp); */ -isc_result_t -dns_dlz_writeablezone(dns_view_t *view, const char *zone_name); - +typedef isc_result_t dns_dlz_writeablezone_t(dns_view_t *view, + const char *zone_name); +dns_dlz_writeablezone_t dns_dlz_writeablezone; /*%< * creates a writeable DLZ zone. Must be called from within the * configure() method of a DLZ driver. diff --git a/lib/dns/include/dns/dlz_dlopen.h b/lib/dns/include/dns/dlz_dlopen.h new file mode 100644 index 0000000..3e87d10 --- /dev/null +++ b/lib/dns/include/dns/dlz_dlopen.h @@ -0,0 +1,160 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: dlz_dlopen.h,v 1.2.2.2 2011-03-17 09:41:07 fdupont Exp $ */ + +/*! \file dns/dlz_open.h */ + +#ifndef DLZ_DLOPEN_H +#define DLZ_DLOPEN_H + +#include <dns/sdlz.h> + +ISC_LANG_BEGINDECLS + +/* + * This header provides a minimal set of defines and typedefs needed + * for the entry points of an external DLZ module for bind9. + */ + +#define DLZ_DLOPEN_VERSION 1 + +/* + * dlz_dlopen_version() is required for all DLZ external drivers. It + * should return DLZ_DLOPEN_VERSION + */ +typedef int dlz_dlopen_version_t (unsigned int *flags); + +/* + * dlz_dlopen_create() is required for all DLZ external drivers. + */ +typedef isc_result_t dlz_dlopen_create_t (const char *dlzname, + unsigned int argc, + char *argv[], + void **dbdata, + ...); + +/* + * dlz_dlopen_destroy() is optional, and will be called when the + * driver is unloaded if supplied + */ +typedef void dlz_dlopen_destroy_t (void *dbdata); + +/* + * dlz_dlopen_findzonedb() is required for all DLZ external drivers + */ +typedef isc_result_t dlz_dlopen_findzonedb_t (void *dbdata, + const char *name); + +/* + * dlz_dlopen_lookup() is required for all DLZ external drivers + */ +typedef isc_result_t dlz_dlopen_lookup_t (const char *zone, + const char *name, + void *dbdata, + dns_sdlzlookup_t *lookup); + +/* + * dlz_dlopen_authority is optional() if dlz_dlopen_lookup() + * supplies authority information for the dns record + */ +typedef isc_result_t dlz_dlopen_authority_t (const char *zone, + void *dbdata, + dns_sdlzlookup_t *lookup); + +/* + * dlz_dlopen_allowzonexfr() is optional, and should be supplied if + * you want to support zone transfers + */ +typedef isc_result_t dlz_dlopen_allowzonexfr_t (void *dbdata, + const char *name, + const char *client); + +/* + * dlz_dlopen_allnodes() is optional, but must be supplied if supply a + * dlz_dlopen_allowzonexfr() function + */ +typedef isc_result_t dlz_dlopen_allnodes_t (const char *zone, + void *dbdata, + dns_sdlzallnodes_t *allnodes); + +/* + * dlz_dlopen_newversion() is optional. It should be supplied if you + * want to support dynamic updates. + */ +typedef isc_result_t dlz_dlopen_newversion_t (const char *zone, + void *dbdata, + void **versionp); + +/* + * dlz_closeversion() is optional, but must be supplied if you supply + * a dlz_newversion() function + */ +typedef void dlz_dlopen_closeversion_t (const char *zone, + isc_boolean_t commit, + void *dbdata, + void **versionp); + +/* + * dlz_dlopen_configure() is optional, but must be supplied if you + * want to support dynamic updates + */ +typedef isc_result_t dlz_dlopen_configure_t (dns_view_t *view, + void *dbdata); + +/* + * dlz_dlopen_ssumatch() is optional, but must be supplied if you want + * to support dynamic updates + */ +typedef isc_boolean_t dlz_dlopen_ssumatch_t (const char *signer, + const char *name, + const char *tcpaddr, + const char *type, + const char *key, + isc_uint32_t keydatalen, + unsigned char *keydata, + void *dbdata); + +/* + * dlz_dlopen_addrdataset() is optional, but must be supplied if you + * want to support dynamic updates + */ +typedef isc_result_t dlz_dlopen_addrdataset_t (const char *name, + const char *rdatastr, + void *dbdata, + void *version); + +/* + * dlz_dlopen_subrdataset() is optional, but must be supplied if you + * want to support dynamic updates + */ +typedef isc_result_t dlz_dlopen_subrdataset_t (const char *name, + const char *rdatastr, + void *dbdata, + void *version); + +/* + * dlz_dlopen_delrdataset() is optional, but must be supplied if you + * want to support dynamic updates + */ +typedef isc_result_t dlz_dlopen_delrdataset_t (const char *name, + const char *type, + void *dbdata, + void *version); + +ISC_LANG_ENDDECLS + +#endif diff --git a/lib/dns/include/dns/dnssec.h b/lib/dns/include/dns/dnssec.h index c6d910b..354f880 100644 --- a/lib/dns/include/dns/dnssec.h +++ b/lib/dns/include/dns/dnssec.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec.h,v 1.42 2010-01-09 23:48:45 tbox Exp $ */ +/* $Id: dnssec.h,v 1.42.178.2 2011-05-06 23:47:05 tbox Exp $ */ #ifndef DNS_DNSSEC_H #define DNS_DNSSEC_H 1 @@ -220,6 +220,19 @@ dns_dnssec_selfsigns(dns_rdata_t *rdata, dns_name_t *name, isc_boolean_t ignoretime, isc_mem_t *mctx); +isc_boolean_t +dns_dnssec_signs(dns_rdata_t *rdata, dns_name_t *name, + dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset, + isc_boolean_t ignoretime, isc_mem_t *mctx); +/*%< + * Verify that 'rdataset' is validly signed in 'sigrdataset' by + * the key in 'rdata'. + * + * dns_dnssec_selfsigns() requires that rdataset be a DNSKEY or KEY + * rrset. dns_dnssec_signs() works on any rrset. + */ + + isc_result_t dns_dnsseckey_create(isc_mem_t *mctx, dst_key_t **dstkey, dns_dnsseckey_t **dkp); diff --git a/lib/dns/include/dns/masterdump.h b/lib/dns/include/dns/masterdump.h index 684dd82..e5bfe04 100644 --- a/lib/dns/include/dns/masterdump.h +++ b/lib/dns/include/dns/masterdump.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.h,v 1.42.596.2 2011-06-02 23:47:35 tbox Exp $ */ +/* $Id: masterdump.h,v 1.42.524.2 2011-05-28 00:27:48 tbox Exp $ */ #ifndef DNS_MASTERDUMP_H #define DNS_MASTERDUMP_H 1 diff --git a/lib/dns/include/dns/rdataset.h b/lib/dns/include/dns/rdataset.h index 7f50c12..492a1ce 100644 --- a/lib/dns/include/dns/rdataset.h +++ b/lib/dns/include/dns/rdataset.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataset.h,v 1.69.270.3 2011-06-21 20:15:54 each Exp $ */ +/* $Id: rdataset.h,v 1.69.148.3 2011-06-08 23:02:43 each Exp $ */ #ifndef DNS_RDATASET_H #define DNS_RDATASET_H 1 @@ -653,7 +653,7 @@ dns_rdataset_expire(dns_rdataset_t *rdataset); const char * dns_trust_totext(dns_trust_t trust); -/*%< +/* * Display trust in textual form. */ diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h index 2db1770..9c93fdf 100644 --- a/lib/dns/include/dns/resolver.h +++ b/lib/dns/include/dns/resolver.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.h,v 1.67.86.1.2.1 2011-06-02 23:47:36 tbox Exp $ */ +/* $Id: resolver.h,v 1.67.86.2 2011-02-28 01:20:02 tbox Exp $ */ #ifndef DNS_RESOLVER_H #define DNS_RESOLVER_H 1 diff --git a/lib/dns/include/dns/sdlz.h b/lib/dns/include/dns/sdlz.h index b917cc0..76eff3c 100644 --- a/lib/dns/include/dns/sdlz.h +++ b/lib/dns/include/dns/sdlz.h @@ -50,7 +50,7 @@ * USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sdlz.h,v 1.14 2011-01-13 08:50:29 tbox Exp $ */ +/* $Id: sdlz.h,v 1.14.8.2 2011-03-17 23:47:06 tbox Exp $ */ /*! \file dns/sdlz.h */ @@ -317,25 +317,33 @@ dns_sdlzunregister(dns_sdlzimplementation_t **sdlzimp); * function is called. */ -isc_result_t -dns_sdlz_putnamedrr(dns_sdlzallnodes_t *allnodes, const char *name, - const char *type, dns_ttl_t ttl, const char *data); +typedef isc_result_t dns_sdlz_putnamedrr_t(dns_sdlzallnodes_t *allnodes, + const char *name, + const char *type, + dns_ttl_t ttl, + const char *data); +dns_sdlz_putnamedrr_t dns_sdlz_putnamedrr; + /*%< * Add a single resource record to the allnodes structure to be later * parsed into a zone transfer response. */ -isc_result_t -dns_sdlz_putrr(dns_sdlzlookup_t *lookup, const char *type, dns_ttl_t ttl, - const char *data); +typedef isc_result_t dns_sdlz_putrr_t(dns_sdlzlookup_t *lookup, + const char *type, + dns_ttl_t ttl, + const char *data); +dns_sdlz_putrr_t dns_sdlz_putrr; /*%< * Add a single resource record to the lookup structure to be later * parsed into a query response. */ -isc_result_t -dns_sdlz_putsoa(dns_sdlzlookup_t *lookup, const char *mname, const char *rname, - isc_uint32_t serial); +typedef isc_result_t dns_sdlz_putsoa_t(dns_sdlzlookup_t *lookup, + const char *mname, + const char *rname, + isc_uint32_t serial); +dns_sdlz_putsoa_t dns_sdlz_putsoa; /*%< * This function may optionally be called from the 'authority' * callback to simplify construction of the SOA record for 'zone'. It @@ -347,9 +355,11 @@ dns_sdlz_putsoa(dns_sdlzlookup_t *lookup, const char *mname, const char *rname, */ -isc_result_t -dns_sdlz_setdb(dns_dlzdb_t *dlzdatabase, dns_rdataclass_t rdclass, - dns_name_t *name, dns_db_t **dbp); +typedef isc_result_t dns_sdlz_setdb_t(dns_dlzdb_t *dlzdatabase, + dns_rdataclass_t rdclass, + dns_name_t *name, + dns_db_t **dbp); +dns_sdlz_setdb_t dns_sdlz_setdb; /*%< * Create the database pointers for a writeable SDLZ zone */ diff --git a/lib/dns/include/dns/zone.h b/lib/dns/include/dns/zone.h index 67756d9..a8b78dc 100644 --- a/lib/dns/include/dns/zone.h +++ b/lib/dns/include/dns/zone.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.h,v 1.182 2010-12-18 01:56:22 each Exp $ */ +/* $Id: zone.h,v 1.182.16.2 2011-07-08 23:47:16 tbox Exp $ */ #ifndef DNS_ZONE_H #define DNS_ZONE_H 1 @@ -1380,7 +1380,8 @@ dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, isc_timermgr_t *timermgr, isc_socketmgr_t *socketmgr, dns_zonemgr_t **zmgrp); /*%< - * Create a zone manager. + * Create a zone manager. Note: the zone manager will not be able to + * manage any zones until dns_zonemgr_setsize() has been run. * * Requires: *\li 'mctx' to be a valid memory context. @@ -1390,6 +1391,18 @@ dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, */ isc_result_t +dns_zonemgr_setsize(dns_zonemgr_t *zmgr, int num_zones); +/*%< + * Set the size of the zone manager task pool. This must be run + * before zmgr can be used for managing zones. Currently, it can only + * be run once; the task pool cannot be resized. + * + * Requires: + *\li zmgr is a valid zone manager. + *\li zmgr->zonetasks has been initialized. + */ + +isc_result_t dns_zonemgr_managezone(dns_zonemgr_t *zmgr, dns_zone_t *zone); /*%< * Bring the zone under control of a zone manager. diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h index 3c999f6..eec9b39 100644 --- a/lib/dns/include/dst/dst.h +++ b/lib/dns/include/dst/dst.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dst.h,v 1.31 2011-01-11 23:47:14 tbox Exp $ */ +/* $Id: dst.h,v 1.31.10.1 2011-03-21 19:53:35 each Exp $ */ #ifndef DST_DST_H #define DST_DST_H 1 @@ -844,6 +844,9 @@ dst_key_tkeytoken(const dst_key_t *key); /*%< * Return the token from the TKEY request, if any. If this key was * not negotiated via TKEY, return NULL. + * + * Requires: + * "key" is a valid key. */ diff --git a/lib/dns/journal.c b/lib/dns/journal.c index a6d630e..27e9bdb 100644 --- a/lib/dns/journal.c +++ b/lib/dns/journal.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: journal.c,v 1.112 2010-11-17 23:47:08 tbox Exp $ */ +/* $Id: journal.c,v 1.112.38.2 2011-03-12 04:59:17 tbox Exp $ */ #include <config.h> @@ -163,7 +163,7 @@ dns_db_createsoatuple(dns_db_t *db, dns_dbversion_t *ver, isc_mem_t *mctx, dns_rdataset_disassociate(&rdataset); dns_db_detachnode(db, &node); - return (ISC_R_SUCCESS); + return (result); freenode: dns_db_detachnode(db, &node); @@ -2170,6 +2170,7 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, isc_uint32_t serial, CHECK(journal_fsync(new)); indexend = new->header.end.offset; + POST(indexend); } /* diff --git a/lib/dns/master.c b/lib/dns/master.c index e90a74c..1e9fead 100644 --- a/lib/dns/master.c +++ b/lib/dns/master.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: master.c,v 1.178 2009-09-01 00:22:26 jinmei Exp $ */ +/* $Id: master.c,v 1.178.346.2 2011-03-12 04:59:17 tbox Exp $ */ /*! \file */ @@ -1205,9 +1205,10 @@ load_text(dns_loadctx_t *lctx) { goto insist_and_cleanup; } ictx = lctx->inc; - line = isc_lex_getsourceline(lctx->lex); source = isc_lex_getsourcename(lctx->lex); + line = isc_lex_getsourceline(lctx->lex); + POST(line); continue; } /* @@ -1417,8 +1418,9 @@ load_text(dns_loadctx_t *lctx) { goto insist_and_cleanup; } ictx = lctx->inc; - line = isc_lex_getsourceline(lctx->lex); source = isc_lex_getsourcename(lctx->lex); + line = isc_lex_getsourceline(lctx->lex); + POST(line); continue; } @@ -2123,6 +2125,7 @@ load_raw(dns_loadctx_t *lctx) { /* Empty read: currently, we do not use dumptime */ dumptime = isc_buffer_getuint32(&target); + POST(dumptime); lctx->first = ISC_FALSE; } @@ -2295,7 +2298,6 @@ load_raw(dns_loadctx_t *lctx) { isc_buffer_forward(&target, consumed_name); rdcount -= i; - i = 0; goto continue_read; } @@ -2679,7 +2681,6 @@ grow_rdatalist(int new_len, dns_rdatalist_t *old, int old_len, return (NULL); ISC_LIST_INIT(save); - this = ISC_LIST_HEAD(*current); while ((this = ISC_LIST_HEAD(*current)) != NULL) { ISC_LIST_UNLINK(*current, this, link); ISC_LIST_APPEND(save, this, link); @@ -2692,7 +2693,6 @@ grow_rdatalist(int new_len, dns_rdatalist_t *old, int old_len, } ISC_LIST_INIT(save); - this = ISC_LIST_HEAD(*glue); while ((this = ISC_LIST_HEAD(*glue)) != NULL) { ISC_LIST_UNLINK(*glue, this, link); ISC_LIST_APPEND(save, this, link); diff --git a/lib/dns/masterdump.c b/lib/dns/masterdump.c index e2adf9b..c137b10 100644 --- a/lib/dns/masterdump.c +++ b/lib/dns/masterdump.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.c,v 1.99.328.3 2011-06-21 20:15:47 each Exp $ */ +/* $Id: masterdump.c,v 1.99.258.7 2011-06-08 23:02:42 each Exp $ */ /*! \file */ @@ -871,9 +871,8 @@ dump_rdatasets_text(isc_mem_t *mctx, dns_name_t *name, for (i = 0; i < n; i++) { dns_rdataset_t *rds = sorted[i]; - if (ctx->style.flags & DNS_STYLEFLAG_TRUST) { + if (ctx->style.flags & DNS_STYLEFLAG_TRUST) fprintf(f, "; %s\n", dns_trust_totext(rds->trust)); - } if (((rds->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) && (ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) { /* Omit negative cache entries */ @@ -1047,6 +1046,8 @@ dump_rdatasets_raw(isc_mem_t *mctx, dns_name_t *name, buffer, f); } dns_rdataset_disassociate(&rdataset); + if (result != ISC_R_SUCCESS) + return (result); } if (result == ISC_R_NOMORE) @@ -1356,23 +1357,24 @@ dumptostreaminc(dns_dumpctx_t *dctx) { isc_buffer_region(&buffer, &r); isc_buffer_putuint32(&buffer, dns_masterformat_raw); isc_buffer_putuint32(&buffer, DNS_RAWFORMAT_VERSION); - if (sizeof(now32) != sizeof(dctx->now)) { - /* - * We assume isc_stdtime_t is a 32-bit integer, - * which should be the case on most cases. - * If it turns out to be uncommon, we'll need - * to bump the version number and revise the - * header format. - */ - isc_log_write(dns_lctx, - ISC_LOGCATEGORY_GENERAL, - DNS_LOGMODULE_MASTERDUMP, - ISC_LOG_INFO, - "dumping master file in raw " - "format: stdtime is not 32bits"); - now32 = 0; - } else - now32 = dctx->now; +#if !defined(STDTIME_ON_32BITS) || (STDTIME_ON_32BITS + 0) != 1 + /* + * We assume isc_stdtime_t is a 32-bit integer, + * which should be the case on most cases. + * If it turns out to be uncommon, we'll need + * to bump the version number and revise the + * header format. + */ + isc_log_write(dns_lctx, + ISC_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTERDUMP, + ISC_LOG_INFO, + "dumping master file in raw " + "format: stdtime is not 32bits"); + now32 = 0; +#else + now32 = dctx->now; +#endif isc_buffer_putuint32(&buffer, now32); INSIST(isc_buffer_usedlength(&buffer) <= sizeof(rawheader)); @@ -1742,6 +1744,14 @@ dns_master_dumpnode(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, result = dns_master_dumpnodetostream(mctx, db, version, node, name, style, f); + if (result != ISC_R_SUCCESS) { + isc_log_write(dns_lctx, ISC_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTERDUMP, ISC_LOG_ERROR, + "dumping master file: %s: dump: %s", filename, + isc_result_totext(result)); + (void)isc_stdio_close(f); + return (ISC_R_UNEXPECTED); + } result = isc_stdio_close(f); if (result != ISC_R_SUCCESS) { diff --git a/lib/dns/message.c b/lib/dns/message.c index b58c139..4ca37b7 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: message.c,v 1.254.186.3 2011-06-21 20:15:47 each Exp $ */ +/* $Id: message.c,v 1.254.114.3 2011-06-08 23:02:42 each Exp $ */ /*! \file */ @@ -1194,7 +1194,6 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, skip_name_search = ISC_FALSE; skip_type_search = ISC_FALSE; - free_name = ISC_FALSE; free_rdataset = ISC_FALSE; name = isc_mempool_get(msg->namepool); @@ -2930,6 +2929,7 @@ dns_message_signer(dns_message_t *msg, dns_name_t *signer) { dns_rdataset_current(msg->tsig, &rdata); result = dns_rdata_tostruct(&rdata, &tsig, NULL); + INSIST(result == ISC_R_SUCCESS); if (msg->tsigstatus != dns_rcode_noerror) result = DNS_R_TSIGVERIFYFAILURE; else if (tsig.error != dns_rcode_noerror) diff --git a/lib/dns/name.c b/lib/dns/name.c index f88f281..2383513 100644 --- a/lib/dns/name.c +++ b/lib/dns/name.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: name.c,v 1.174 2011-01-13 04:59:25 tbox Exp $ */ +/* $Id: name.c,v 1.174.8.1 2011-03-11 06:47:04 marka Exp $ */ /*! \file */ @@ -1024,12 +1024,13 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source, const dns_name_t *origin, unsigned int options, isc_buffer_t *target) { - unsigned char *ndata, *label; + unsigned char *ndata, *label = NULL; char *tdata; char c; ft_state state; - unsigned int value, count; - unsigned int n1, n2, tlen, nrem, nused, digits, labels, tused; + unsigned int value = 0, count = 0; + unsigned int n1 = 0, n2 = 0; + unsigned int tlen, nrem, nused, digits = 0, labels, tused; isc_boolean_t done; unsigned char *offsets; dns_offsets_t odata; @@ -1063,16 +1064,6 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source, offsets[0] = 0; /* - * Initialize things to make the compiler happy; they're not required. - */ - n1 = 0; - n2 = 0; - label = NULL; - digits = 0; - value = 0; - count = 0; - - /* * Make 'name' empty in case of failure. */ MAKE_EMPTY(name); @@ -1171,6 +1162,7 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source, return (DNS_R_BADLABELTYPE); } state = ft_escape; + POST(state); /* FALLTHROUGH */ case ft_escape: if (!isdigit(c & 0xff)) { @@ -1236,6 +1228,7 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source, label = origin->ndata; n1 = origin->length; nrem -= n1; + POST(nrem); while (n1 > 0) { n2 = *label++; INSIST(n2 <= 63); /* no bitstring support */ diff --git a/lib/dns/ncache.c b/lib/dns/ncache.c index 420a118..1ac85e5 100644 --- a/lib/dns/ncache.c +++ b/lib/dns/ncache.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.c,v 1.50.124.1.2.3 2011-06-21 20:15:47 each Exp $ */ +/* $Id: ncache.c,v 1.50.124.4 2011-06-08 23:02:42 each Exp $ */ /*! \file */ diff --git a/lib/dns/nsec.c b/lib/dns/nsec.c index 94c5163..506f5b7 100644 --- a/lib/dns/nsec.c +++ b/lib/dns/nsec.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsec.c,v 1.13 2009-01-06 23:47:57 tbox Exp $ */ +/* $Id: nsec.c,v 1.13.428.2 2011-03-12 04:59:17 tbox Exp $ */ /*! \file */ @@ -182,7 +182,7 @@ dns_nsec_build(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, 0, NULL); if (result == DNS_R_UNCHANGED) result = ISC_R_SUCCESS; - RETERR(result); + failure: if (dns_rdataset_isassociated(&rdataset)) dns_rdataset_disassociate(&rdataset); diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c index e75e744..d99f90e 100644 --- a/lib/dns/nsec3.c +++ b/lib/dns/nsec3.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006, 2008-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2006, 2008-2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsec3.c,v 1.19.96.1 2011-06-21 20:15:48 each Exp $ */ +/* $Id: nsec3.c,v 1.19.24.3 2011-06-08 23:02:42 each Exp $ */ #include <config.h> @@ -557,7 +557,7 @@ dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version, dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdataset_t rdataset; int pass; - isc_boolean_t exists; + isc_boolean_t exists = ISC_FALSE; isc_boolean_t maybe_remove_unsecure = ISC_FALSE; isc_uint8_t flags; isc_buffer_t buffer; diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c index 8c733f6..49670b1 100644 --- a/lib/dns/openssl_link.c +++ b/lib/dns/openssl_link.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -31,7 +31,7 @@ /* * Principal Author: Brian Wellington - * $Id: openssl_link.c,v 1.29 2010-09-15 12:38:36 tbox Exp $ + * $Id: openssl_link.c,v 1.29.54.2 2011-03-12 04:59:17 tbox Exp $ */ #ifdef OPENSSL @@ -50,16 +50,6 @@ #include "dst_internal.h" #include "dst_openssl.h" -#include <openssl/err.h> -#include <openssl/rand.h> -#include <openssl/evp.h> -#include <openssl/conf.h> -#include <openssl/crypto.h> - -#if defined(CRYPTO_LOCK_ENGINE) && (OPENSSL_VERSION_NUMBER >= 0x0090707f) -#define USE_ENGINE 1 -#endif - #ifdef USE_ENGINE #include <openssl/engine.h> #endif @@ -308,19 +298,19 @@ dst__openssl_toresult(isc_result_t fallback) { return (result); } +#if defined(USE_ENGINE) ENGINE * dst__openssl_getengine(const char *engine) { if (engine == NULL) return (NULL); -#if defined(USE_ENGINE) if (e == NULL) return (NULL); if (strcmp(engine, ENGINE_get_id(e)) == 0) return (e); -#endif return (NULL); } +#endif #else /* OPENSSL */ diff --git a/lib/dns/openssldsa_link.c b/lib/dns/openssldsa_link.c index ae88d4c..c266a26 100644 --- a/lib/dns/openssldsa_link.c +++ b/lib/dns/openssldsa_link.c @@ -29,7 +29,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: openssldsa_link.c,v 1.20 2011-01-11 23:47:13 tbox Exp $ */ +/* $Id: openssldsa_link.c,v 1.20.10.1 2011-03-11 06:47:04 marka Exp $ */ #ifdef OPENSSL #ifndef USE_EVP @@ -252,7 +252,6 @@ openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) { dsasig->r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL); cp += ISC_SHA1_DIGESTLENGTH; dsasig->s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL); - cp += ISC_SHA1_DIGESTLENGTH; #if 0 pkey = EVP_PKEY_new(); diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c index fcdc9f0..098529a 100644 --- a/lib/dns/opensslrsa_link.c +++ b/lib/dns/opensslrsa_link.c @@ -17,7 +17,7 @@ /* * Principal Author: Brian Wellington - * $Id: opensslrsa_link.c,v 1.39 2011-01-11 23:47:13 tbox Exp $ + * $Id: opensslrsa_link.c,v 1.39.10.2 2011-03-11 02:57:35 marka Exp $ */ #ifdef OPENSSL #include <config.h> @@ -51,7 +51,9 @@ #if OPENSSL_VERSION_NUMBER > 0x00908000L #include <openssl/bn.h> #endif +#ifdef USE_ENGINE #include <openssl/engine.h> +#endif /* * We don't use configure for windows so enforce the OpenSSL version @@ -1138,10 +1140,14 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { isc_result_t ret; int i; RSA *rsa = NULL, *pubrsa = NULL; +#ifdef USE_ENGINE ENGINE *e = NULL; +#endif isc_mem_t *mctx = key->mctx; const char *engine = NULL, *label = NULL; +#if defined(USE_ENGINE) || USE_EVP EVP_PKEY *pkey = NULL; +#endif #if USE_EVP if (pub != NULL && pub->keydata.pkey != NULL) @@ -1175,6 +1181,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { * See if we can fetch it. */ if (label != NULL) { +#ifdef USE_ENGINE if (engine == NULL) DST_RET(DST_R_NOENGINE); e = dst__openssl_getengine(engine); @@ -1209,6 +1216,9 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { dst__privstruct_free(&priv, mctx); memset(&priv, 0, sizeof(priv)); return (ISC_R_SUCCESS); +#else + DST_RET(DST_R_NOENGINE); +#endif } rsa = RSA_new(); @@ -1303,6 +1313,7 @@ static isc_result_t opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label, const char *pin) { +#ifdef USE_ENGINE ENGINE *e = NULL; isc_result_t ret; EVP_PKEY *pkey = NULL; @@ -1366,6 +1377,13 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label, if (pkey != NULL) EVP_PKEY_free(pkey); return (ret); +#else + UNUSED(key); + UNUSED(engine); + UNUSED(label); + UNUSED(pin); + return(DST_R_NOENGINE); +#endif } static dst_func_t opensslrsa_functions = { diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c index 6c14e8e..c733e50 100644 --- a/lib/dns/rbt.c +++ b/lib/dns/rbt.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbt.c,v 1.146 2009-10-27 04:46:58 marka Exp $ */ +/* $Id: rbt.c,v 1.146.278.2 2011-03-12 04:59:17 tbox Exp $ */ /*! \file */ @@ -718,6 +718,7 @@ dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname, */ compared = dns_namereln_none; last_compared = NULL; + order = 0; } dns_fixedname_init(&fixedcallbackname); @@ -1084,6 +1085,7 @@ dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname, ¤t_name, &order, &common_labels); + POST(compared); last_compared = current; @@ -1526,7 +1528,7 @@ rehash(dns_rbt_t *rbt) { oldsize = rbt->hashsize; oldtable = rbt->hashtable; - rbt->hashsize *= 2 + 1; + rbt->hashsize = rbt->hashsize * 2 + 1; rbt->hashtable = isc_mem_get(rbt->mctx, rbt->hashsize * sizeof(dns_rbtnode_t *)); if (rbt->hashtable == NULL) { @@ -1683,6 +1685,7 @@ dns_rbt_addonlevel(dns_rbtnode_t *node, dns_rbtnode_t *current, int order, } child = root; + POST(child); dns_name_init(&add_name, add_offsets); NODENAME(node, &add_name); diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c index d4415d8..9d66006 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.c,v 1.310.8.1.2.1 2011-06-21 20:15:48 each Exp $ */ +/* $Id: rbtdb.c,v 1.310.8.5 2011-06-08 23:02:42 each Exp $ */ /*! \file */ @@ -436,8 +436,12 @@ typedef struct { rbtnodelist_t *deadnodes; /* - * Heaps. Each of these is used for TTL based expiry. + * Heaps. These are used for TTL based expiry in a cache, + * or for zone resigning in a zone DB. hmctx is the memory + * context to use for the heap (which differs from the main + * database memory context in the case of a cache). */ + isc_mem_t * hmctx; isc_heap_t **heaps; /* Locked by tree_lock. */ @@ -955,9 +959,8 @@ free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event) { if (rbtdb->heaps != NULL) { for (i = 0; i < rbtdb->node_lock_count; i++) isc_heap_destroy(&rbtdb->heaps[i]); - isc_mem_put(rbtdb->common.mctx, rbtdb->heaps, - rbtdb->node_lock_count * - sizeof(isc_heap_t *)); + isc_mem_put(rbtdb->hmctx, rbtdb->heaps, + rbtdb->node_lock_count * sizeof(isc_heap_t *)); } if (rbtdb->rrsetstats != NULL) @@ -979,6 +982,7 @@ free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event) { rbtdb->common.magic = 0; rbtdb->common.impmagic = 0; ondest = rbtdb->common.ondest; + isc_mem_detach(&rbtdb->hmctx); isc_mem_putanddetach(&rbtdb->common.mctx, rbtdb, sizeof(*rbtdb)); isc_ondestroy_notify(&ondest, rbtdb); } @@ -2691,10 +2695,15 @@ zone_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { /* * Did we find anything? */ - if (dname_header != NULL) { + if (!IS_CACHE(search->rbtdb) && !IS_STUB(search->rbtdb) && + ns_header != NULL) { /* - * Note that DNAME has precedence over NS if both exist. + * Note that NS has precedence over DNAME if both exist + * in a zone. Otherwise DNAME take precedence over NS. */ + found = ns_header; + search->zonecut_sigrdataset = NULL; + } else if (dname_header != NULL) { found = dname_header; search->zonecut_sigrdataset = sigdname_header; } else if (ns_header != NULL) { @@ -4103,6 +4112,7 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, */ if (search.need_cleanup) { node = search.zonecut; + INSIST(node != NULL); lock = &(search.rbtdb->node_locks[node->locknum].lock); NODE_LOCK(lock, isc_rwlocktype_read); @@ -4404,6 +4414,7 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node, NODE_UNLOCK(lock, locktype); NODE_LOCK(lock, isc_rwlocktype_write); locktype = isc_rwlocktype_write; + POST(locktype); } if (need_headerupdate(found, search->now)) update_header(search->rbtdb, found, @@ -4908,15 +4919,9 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, cname_ok && cnamesig != NULL) { /* - * If we've already got the CNAME RRSIG, - * use it, otherwise change sigtype - * so that we find it. + * If we've already got the + * CNAME RRSIG, use it. */ - if (cnamesig != NULL) - foundsig = cnamesig; - else - sigtype = - RBTDB_RDATATYPE_SIGCNAME; foundsig = cnamesig; } } else if (header->type == sigtype) { @@ -5062,6 +5067,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, NODE_UNLOCK(lock, locktype); NODE_LOCK(lock, isc_rwlocktype_write); locktype = isc_rwlocktype_write; + POST(locktype); } if (update != NULL && need_headerupdate(update, search.now)) update_header(search.rbtdb, update, search.now); @@ -5079,6 +5085,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, */ if (search.need_cleanup) { node = search.zonecut; + INSIST(node != NULL); lock = &(search.rbtdb->node_locks[node->locknum].lock); NODE_LOCK(lock, isc_rwlocktype_read); @@ -5244,6 +5251,7 @@ cache_findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options, NODE_UNLOCK(lock, locktype); NODE_LOCK(lock, isc_rwlocktype_write); locktype = isc_rwlocktype_write; + POST(locktype); } if (need_headerupdate(found, search.now)) update_header(search.rbtdb, found, search.now); @@ -7463,16 +7471,21 @@ dns_rbtdb_create int i; dns_name_t name; isc_boolean_t (*sooner)(void *, void *); + isc_mem_t *hmctx = mctx; /* Keep the compiler happy. */ - UNUSED(argc); - UNUSED(argv); UNUSED(driverarg); rbtdb = isc_mem_get(mctx, sizeof(*rbtdb)); if (rbtdb == NULL) return (ISC_R_NOMEMORY); + /* + * If argv[0] exists, it points to a memory context to use for heap + */ + if (argc != 0) + hmctx = (isc_mem_t *) argv[0]; + memset(rbtdb, '\0', sizeof(*rbtdb)); dns_name_init(&rbtdb->common.origin, NULL); rbtdb->common.attributes = 0; @@ -7537,7 +7550,7 @@ dns_rbtdb_create /* * Create the heaps. */ - rbtdb->heaps = isc_mem_get(mctx, rbtdb->node_lock_count * + rbtdb->heaps = isc_mem_get(hmctx, rbtdb->node_lock_count * sizeof(isc_heap_t *)); if (rbtdb->heaps == NULL) { result = ISC_R_NOMEMORY; @@ -7547,7 +7560,7 @@ dns_rbtdb_create rbtdb->heaps[i] = NULL; sooner = IS_CACHE(rbtdb) ? ttl_sooner : resign_sooner; for (i = 0; i < (int)rbtdb->node_lock_count; i++) { - result = isc_heap_create(mctx, sooner, set_index, 0, + result = isc_heap_create(hmctx, sooner, set_index, 0, &rbtdb->heaps[i]); if (result != ISC_R_SUCCESS) goto cleanup_heaps; @@ -7591,6 +7604,7 @@ dns_rbtdb_create * mctx won't disappear out from under us. */ isc_mem_attach(mctx, &rbtdb->common.mctx); + isc_mem_attach(hmctx, &rbtdb->hmctx); /* * Must be initialized before free_rbtdb() is called. diff --git a/lib/dns/rbtdb.h b/lib/dns/rbtdb.h index f4249af..efa3944 100644 --- a/lib/dns/rbtdb.h +++ b/lib/dns/rbtdb.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.h,v 1.18 2007-06-19 23:47:16 tbox Exp $ */ +/* $Id: rbtdb.h,v 1.18.814.2 2011-03-03 23:47:09 tbox Exp $ */ #ifndef DNS_RBTDB_H #define DNS_RBTDB_H 1 @@ -39,6 +39,19 @@ dns_rbtdb_create(isc_mem_t *mctx, dns_name_t *base, dns_dbtype_t type, dns_rdataclass_t rdclass, unsigned int argc, char *argv[], void *driverarg, dns_db_t **dbp); +/*%< + * Create a new database of type "rbt" (or "rbt64"). Called via + * dns_db_create(); see documentation for that function for more details. + * + * If argv[0] is set, it points to a valid memory context to be used for + * allocation of heap memory. Generally this is used for cache databases + * only. + * + * Requires: + * + * \li argc == 0 or argv[0] is a valid memory context. + */ + ISC_LANG_ENDDECLS #endif /* DNS_RBTDB_H */ diff --git a/lib/dns/rcode.c b/lib/dns/rcode.c index 18fedcd..81a4549 100644 --- a/lib/dns/rcode.c +++ b/lib/dns/rcode.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rcode.c,v 1.16 2010-12-23 04:07:58 marka Exp $ */ +/* $Id: rcode.c,v 1.16.14.2 2011-02-28 01:20:02 tbox Exp $ */ #include <config.h> #include <ctype.h> @@ -494,6 +494,9 @@ dns_rdataclass_format(dns_rdataclass_t rdclass, isc_result_t result; isc_buffer_t buf; + if (size == 0U) + return; + isc_buffer_init(&buf, array, size); result = dns_rdataclass_totext(rdclass, &buf); /* @@ -505,8 +508,6 @@ dns_rdataclass_format(dns_rdataclass_t rdclass, else result = ISC_R_NOSPACE; } - if (result != ISC_R_SUCCESS) { - snprintf(array, size, "<unknown>"); - array[size - 1] = '\0'; - } + if (result != ISC_R_SUCCESS) + strlcpy(array, "<unknown>", size); } diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c index c282b03..063b1f6 100644 --- a/lib/dns/rdata.c +++ b/lib/dns/rdata.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdata.c,v 1.209 2011-01-13 04:59:25 tbox Exp $ */ +/* $Id: rdata.c,v 1.209.8.2 2011-03-11 06:47:05 marka Exp $ */ /*! \file */ @@ -708,6 +708,7 @@ rdata_totext(dns_rdata_t *rdata, dns_rdata_textctx_t *tctx, if (use_default) { strlcpy(buf, "\\# ", sizeof(buf)); result = str_totext(buf, target); + INSIST(result == ISC_R_SUCCESS); dns_rdata_toregion(rdata, &sr); INSIST(sr.length < 65536); snprintf(buf, sizeof(buf), "%u", sr.length); @@ -963,6 +964,9 @@ dns_rdatatype_format(dns_rdatatype_t rdtype, isc_result_t result; isc_buffer_t buf; + if (size == 0U) + return; + isc_buffer_init(&buf, array, size); result = dns_rdatatype_totext(rdtype, &buf); /* @@ -974,10 +978,8 @@ dns_rdatatype_format(dns_rdatatype_t rdtype, else result = ISC_R_NOSPACE; } - if (result != ISC_R_SUCCESS) { - snprintf(array, size, "<unknown>"); - array[size - 1] = '\0'; - } + if (result != ISC_R_SUCCESS) + strlcpy(array, "<unknown>", size); } /* diff --git a/lib/dns/rdatalist.c b/lib/dns/rdatalist.c index d30aff9..dcf6b45 100644 --- a/lib/dns/rdatalist.c +++ b/lib/dns/rdatalist.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2008, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdatalist.c,v 1.40 2010-11-16 05:38:31 marka Exp $ */ +/* $Id: rdatalist.c,v 1.40.40.2 2011-02-28 01:20:02 tbox Exp $ */ /*! \file */ @@ -54,6 +54,8 @@ static dns_rdatasetmethods_t methods = { void dns_rdatalist_init(dns_rdatalist_t *rdatalist) { + REQUIRE(rdatalist != NULL); + /* * Initialize rdatalist. */ @@ -125,6 +127,8 @@ isc_result_t isc__rdatalist_next(dns_rdataset_t *rdataset) { dns_rdata_t *rdata; + REQUIRE(rdataset != NULL); + rdata = rdataset->private2; if (rdata == NULL) return (ISC_R_NOMORE); @@ -141,6 +145,8 @@ void isc__rdatalist_current(dns_rdataset_t *rdataset, dns_rdata_t *rdata) { dns_rdata_t *list_rdata; + REQUIRE(rdataset != NULL); + list_rdata = rdataset->private2; INSIST(list_rdata != NULL); @@ -149,6 +155,10 @@ isc__rdatalist_current(dns_rdataset_t *rdataset, dns_rdata_t *rdata) { void isc__rdatalist_clone(dns_rdataset_t *source, dns_rdataset_t *target) { + + REQUIRE(source != NULL); + REQUIRE(target != NULL); + *target = *source; /* @@ -163,6 +173,8 @@ isc__rdatalist_count(dns_rdataset_t *rdataset) { dns_rdata_t *rdata; unsigned int count; + REQUIRE(rdataset != NULL); + rdatalist = rdataset->private1; count = 0; @@ -181,6 +193,8 @@ isc__rdatalist_addnoqname(dns_rdataset_t *rdataset, dns_name_t *name) { dns_rdataset_t *rdset; dns_ttl_t ttl; + REQUIRE(rdataset != NULL); + for (rdset = ISC_LIST_HEAD(name->list); rdset != NULL; rdset = ISC_LIST_NEXT(rdset, link)) @@ -228,7 +242,9 @@ isc__rdatalist_getnoqname(dns_rdataset_t *rdataset, dns_name_t *name, dns_rdataset_t *tnegsig = NULL; dns_name_t *noqname = rdataset->private6; + REQUIRE(rdataset != NULL); REQUIRE((rdataset->attributes & DNS_RDATASETATTR_NOQNAME) != 0); + (void)dns_name_dynamic(noqname); /* Sanity Check. */ for (rdataset = ISC_LIST_HEAD(noqname->list); @@ -268,6 +284,8 @@ isc__rdatalist_addclosest(dns_rdataset_t *rdataset, dns_name_t *name) { dns_rdataset_t *rdset; dns_ttl_t ttl; + REQUIRE(rdataset != NULL); + for (rdset = ISC_LIST_HEAD(name->list); rdset != NULL; rdset = ISC_LIST_NEXT(rdset, link)) @@ -315,7 +333,9 @@ isc__rdatalist_getclosest(dns_rdataset_t *rdataset, dns_name_t *name, dns_rdataset_t *tnegsig = NULL; dns_name_t *closest = rdataset->private7; + REQUIRE(rdataset != NULL); REQUIRE((rdataset->attributes & DNS_RDATASETATTR_CLOSEST) != 0); + (void)dns_name_dynamic(closest); /* Sanity Check. */ for (rdataset = ISC_LIST_HEAD(closest->list); diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c index fdd7669..627f20d 100644 --- a/lib/dns/rdataset.c +++ b/lib/dns/rdataset.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataset.c,v 1.86.220.3 2011-06-21 20:15:53 each Exp $ */ +/* $Id: rdataset.c,v 1.86.148.4 2011-06-08 23:02:42 each Exp $ */ /*! \file */ @@ -319,7 +319,7 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, dns_rdata_t rdata = DNS_RDATA_INIT; isc_region_t r; isc_result_t result; - unsigned int i, count, added, choice; + unsigned int i, count = 0, added, choice; isc_buffer_t savedbuffer, rdlen, rrbuffer; unsigned int headlen; isc_boolean_t question = ISC_FALSE; @@ -339,7 +339,6 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, REQUIRE((order == NULL) == (order_arg == NULL)); REQUIRE(cctx != NULL && cctx->mctx != NULL); - count = 0; if ((rdataset->attributes & DNS_RDATASETATTR_QUESTION) != 0) { question = ISC_TRUE; count = 1; diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c index 932f8de..a41f16f 100644 --- a/lib/dns/rdataslab.c +++ b/lib/dns/rdataslab.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataslab.c,v 1.52.148.1.2.1 2011-06-02 23:47:35 tbox Exp $ */ +/* $Id: rdataslab.c,v 1.52.148.2 2011-02-28 01:20:02 tbox Exp $ */ /*! \file */ diff --git a/lib/dns/request.c b/lib/dns/request.c index b5d6248..bc378af 100644 --- a/lib/dns/request.c +++ b/lib/dns/request.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: request.c,v 1.87 2010-03-04 23:50:34 tbox Exp $ */ +/* $Id: request.c,v 1.87.148.2 2011-03-12 04:59:17 tbox Exp $ */ /*! \file */ @@ -428,12 +428,10 @@ req_send(dns_request_t *request, isc_task_t *task, isc_sockaddr_t *address) { isc_region_t r; isc_socket_t *socket; isc_result_t result; - unsigned int dispattr; req_log(ISC_LOG_DEBUG(3), "req_send: request %p", request); REQUIRE(VALID_REQUEST(request)); - dispattr = dns_dispatch_getattributes(request->dispatch); socket = req_getsocket(request); isc_buffer_usedregion(request->query, &r); /* diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index 6d9ab70..717c932 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.428.6.5.2.1 2011-06-21 20:15:53 each Exp $ */ +/* $Id: resolver.c,v 1.428.6.7 2011-06-08 23:02:43 each Exp $ */ /*! \file */ @@ -2545,7 +2545,7 @@ fctx_getaddresses(fetchctx_t *fctx, isc_boolean_t badcache) { isc_result_t result; dns_resolver_t *res; isc_stdtime_t now; - unsigned int stdoptions; + unsigned int stdoptions = 0; isc_sockaddr_t *sa; dns_adbaddrinfo_t *ai; isc_boolean_t all_bad; @@ -2564,7 +2564,6 @@ fctx_getaddresses(fetchctx_t *fctx, isc_boolean_t badcache) { } res = fctx->res; - stdoptions = 0; /* Keep compiler happy. */ /* * Forwarders. @@ -4247,6 +4246,8 @@ validated(isc_task_t *task, isc_event_t *event) { sigrdataset, 0, NULL); dns_db_detachnode(fctx->cache, &nsnode); + if (result != ISC_R_SUCCESS) + continue; } result = dns_message_nextname(fctx->rmessage, DNS_SECTION_AUTHORITY); @@ -4309,6 +4310,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, res = fctx->res; need_validation = ISC_FALSE; + POST(need_validation); secure_domain = ISC_FALSE; have_answer = ISC_FALSE; eresult = ISC_R_SUCCESS; @@ -4776,6 +4778,7 @@ ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, res = fctx->res; need_validation = ISC_FALSE; + POST(need_validation); secure_domain = ISC_FALSE; eresult = ISC_R_SUCCESS; name = &fctx->name; @@ -5684,6 +5687,7 @@ answer_response(fetchctx_t *fctx) { chaining = ISC_FALSE; have_answer = ISC_FALSE; want_chaining = ISC_FALSE; + POST(want_chaining); if ((message->flags & DNS_MESSAGEFLAG_AA) != 0) aa = ISC_TRUE; else @@ -5907,6 +5911,7 @@ answer_response(fetchctx_t *fctx) { } found = ISC_TRUE; want_chaining = ISC_TRUE; + POST(want_chaining); aflag = DNS_RDATASETATTR_ANSWER; result = dname_target(fctx, rdataset, qname, name, @@ -5918,6 +5923,7 @@ answer_response(fetchctx_t *fctx) { * try to continue. */ want_chaining = ISC_FALSE; + POST(want_chaining); } else if (result != ISC_R_SUCCESS) return (result); else @@ -6782,6 +6788,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) { unsigned int version; resend = ISC_TRUE; + INSIST(opt != NULL); version = (opt->ttl >> 16) & 0xff; flags = (version << DNS_FETCHOPT_EDNSVERSIONSHIFT) | DNS_FETCHOPT_EDNSVERSIONSET; @@ -8276,10 +8283,8 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name, resolver->badcache = isc_mem_get(resolver->mctx, sizeof(*resolver->badcache) * DNS_BADCACHE_SIZE); - if (resolver->badcache == NULL) { - result = ISC_R_NOMEMORY; + if (resolver->badcache == NULL) goto cleanup; - } resolver->badhash = DNS_BADCACHE_SIZE; memset(resolver->badcache, 0, sizeof(*resolver->badcache) * resolver->badhash); @@ -8309,10 +8314,8 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name, if (bad == NULL) { isc_buffer_t buffer; bad = isc_mem_get(resolver->mctx, sizeof(*bad) + name->length); - if (bad == NULL) { - result = ISC_R_NOMEMORY; + if (bad == NULL) goto cleanup; - } bad->type = type; bad->hashval = hashval; isc_buffer_init(&buffer, bad + 1, name->length); diff --git a/lib/dns/sdb.c b/lib/dns/sdb.c index d27007d..f644991 100644 --- a/lib/dns/sdb.c +++ b/lib/dns/sdb.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sdb.c,v 1.76 2011-01-13 04:59:25 tbox Exp $ */ +/* $Id: sdb.c,v 1.76.8.1 2011-03-14 13:40:14 fdupont Exp $ */ /*! \file */ @@ -1334,7 +1334,7 @@ dns_sdb_create(isc_mem_t *mctx, dns_name_t *origin, dns_dbtype_t type, cleanup_origin: dns_name_free(&sdb->common.origin, mctx); cleanup_lock: - isc_mutex_destroy(&sdb->lock); + (void)isc_mutex_destroy(&sdb->lock); cleanup_mctx: isc_mem_put(mctx, sdb, sizeof(dns_sdb_t)); isc_mem_detach(&mctx); diff --git a/lib/dns/sdlz.c b/lib/dns/sdlz.c index e684e1d..ba61872 100644 --- a/lib/dns/sdlz.c +++ b/lib/dns/sdlz.c @@ -50,7 +50,7 @@ * USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sdlz.c,v 1.31 2011-01-13 06:29:16 marka Exp $ */ +/* $Id: sdlz.c,v 1.31.8.2 2011-03-21 19:53:34 each Exp $ */ /*! \file */ @@ -336,7 +336,7 @@ destroy(dns_sdlz_db_t *sdlz) { sdlz->common.magic = 0; sdlz->common.impmagic = 0; - isc_mutex_destroy(&sdlz->refcnt_lock); + (void)isc_mutex_destroy(&sdlz->refcnt_lock); dns_name_free(&sdlz->common.origin, mctx); @@ -1680,7 +1680,7 @@ dns_sdlzssumatch(dns_name_t *signer, dns_name_t *name, isc_netaddr_t *tcpaddr, char b_addr[ISC_NETADDR_FORMATSIZE]; char b_type[DNS_RDATATYPE_FORMATSIZE]; char b_key[DST_KEY_FORMATSIZE]; - isc_buffer_t *tkey_token; + isc_buffer_t *tkey_token = NULL; isc_region_t token_region; isc_uint32_t token_len = 0; isc_boolean_t ret; @@ -1695,28 +1695,27 @@ dns_sdlzssumatch(dns_name_t *signer, dns_name_t *name, isc_netaddr_t *tcpaddr, * Format the request elements. sdlz operates on strings, not * structures */ - if (signer) + if (signer != NULL) dns_name_format(signer, b_signer, sizeof(b_signer)); else b_signer[0] = 0; dns_name_format(name, b_name, sizeof(b_name)); - if (tcpaddr) + if (tcpaddr != NULL) isc_netaddr_format(tcpaddr, b_addr, sizeof(b_addr)); else b_addr[0] = 0; dns_rdatatype_format(type, b_type, sizeof(b_type)); - if (key) + if (key != NULL) { dst_key_format(key, b_key, sizeof(b_key)); - else + tkey_token = dst_key_tkeytoken(key); + } else b_key[0] = 0; - tkey_token = dst_key_tkeytoken(key); - - if (tkey_token) { + if (tkey_token != NULL) { isc_buffer_region(tkey_token, &token_region); token_len = token_region.length; } @@ -1724,7 +1723,7 @@ dns_sdlzssumatch(dns_name_t *signer, dns_name_t *name, isc_netaddr_t *tcpaddr, MAYBE_LOCK(imp); ret = imp->methods->ssumatch(b_signer, b_name, b_addr, b_type, b_key, token_len, - token_len ? token_region.base : NULL, + token_len != 0 ? token_region.base : NULL, imp->driverarg, dbdata); MAYBE_UNLOCK(imp); return (ret); diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c index 5ad492c..883242d 100644 --- a/lib/dns/spnego.c +++ b/lib/dns/spnego.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: spnego.c,v 1.16 2011-01-11 23:47:13 tbox Exp $ */ +/* $Id: spnego.c,v 1.16.10.2 2011-04-04 11:10:57 marka Exp $ */ /*! \file * \brief @@ -377,7 +377,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID oid) unsigned char *p; size_t len; - if (token->length == 0) + if (token->length == 0U) return (GSS_S_DEFECTIVE_TOKEN); p = token->value; @@ -385,7 +385,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID oid) return (GSS_S_DEFECTIVE_TOKEN); len = *p++; if (len & 0x80) { - if ((len & 0x7f) > 4) + if ((len & 0x7f) > 4U) return (GSS_S_DEFECTIVE_TOKEN); p += len & 0x7f; } @@ -531,7 +531,7 @@ send_accept(OM_uint32 * minor_status, *minor_status = ENOMEM; return (GSS_S_FAILURE); } - if (mech_token != NULL && mech_token->length != 0) { + if (mech_token != NULL && mech_token->length != 0U) { resp.responseToken = malloc(sizeof(*resp.responseToken)); if (resp.responseToken == NULL) { free_NegTokenResp(&resp); @@ -675,7 +675,7 @@ gss_accept_sec_context_spnego(OM_uint32 *minor_status, ot = &obuf; } ret = send_accept(&minor_status2, output_token, ot, pref); - if (ot != NULL && ot->length != 0) + if (ot != NULL && ot->length != 0U) gss_release_buffer(&minor_status2, ot); return (ret); @@ -692,7 +692,7 @@ gssapi_verify_mech_header(u_char ** str, int e; u_char *p = *str; - if (total_len < 1) + if (total_len < 1U) return (GSS_S_DEFECTIVE_TOKEN); if (*p++ != 0x60) return (GSS_S_DEFECTIVE_TOKEN); @@ -792,7 +792,7 @@ der_get_int(const unsigned char *p, size_t len, int val = 0; size_t oldlen = len; - if (len > 0) { + if (len > 0U) { val = (signed char)*p++; while (--len) val = val * 256 + *p++; @@ -809,11 +809,11 @@ der_get_length(const unsigned char *p, size_t len, { size_t v; - if (len <= 0) + if (len <= 0U) return (ASN1_OVERRUN); --len; v = *p++; - if (v < 128) { + if (v < 128U) { *val = v; if (size) *size = 1; @@ -822,7 +822,7 @@ der_get_length(const unsigned char *p, size_t len, size_t l; unsigned tmp; - if (v == 0x80) { + if (v == 0x80U) { *val = ASN1_INDEFINITE; if (size) *size = 1; @@ -847,7 +847,7 @@ der_get_octet_string(const unsigned char *p, size_t len, { data->length = len; data->data = malloc(len); - if (data->data == NULL && data->length != 0) + if (data->data == NULL && data->length != 0U) return (ENOMEM); memcpy(data->data, p, len); if (size) @@ -862,23 +862,23 @@ der_get_oid(const unsigned char *p, size_t len, int n; size_t oldlen = len; - if (len < 1) + if (len < 1U) return (ASN1_OVERRUN); data->components = malloc(len * sizeof(*data->components)); - if (data->components == NULL && len != 0) + if (data->components == NULL && len != 0U) return (ENOMEM); data->components[0] = (*p) / 40; data->components[1] = (*p) % 40; --len; ++p; - for (n = 2; len > 0; ++n) { + for (n = 2; len > 0U; ++n) { unsigned u = 0; do { --len; u = u * 128 + (*p++ % 128); - } while (len > 0 && p[-1] & 0x80); + } while (len > 0U && p[-1] & 0x80); data->components[n] = u; } if (p[-1] & 0x80) { @@ -896,7 +896,7 @@ der_get_tag(const unsigned char *p, size_t len, Der_class *class, Der_type *type, int *tag, size_t *size) { - if (len < 1) + if (len < 1U) return (ASN1_OVERRUN); *class = (Der_class) (((*p) >> 6) & 0x03); *type = (Der_type) (((*p) >> 5) & 0x01); @@ -1086,7 +1086,7 @@ len_unsigned(unsigned val) static size_t length_len(size_t len) { - if (len < 128) + if (len < 128U) return (1); else return (len_unsigned(len) + 1); @@ -1108,7 +1108,7 @@ der_put_unsigned(unsigned char *p, size_t len, unsigned val, size_t *size) unsigned char *base = p; if (val) { - while (len > 0 && val) { + while (len > 0U && val) { *p-- = val % 256; val /= 256; --len; @@ -1119,7 +1119,7 @@ der_put_unsigned(unsigned char *p, size_t len, unsigned val, size_t *size) *size = base - p; return (0); } - } else if (len < 1) + } else if (len < 1U) return (ASN1_OVERFLOW); else { *p = 0; @@ -1135,14 +1135,14 @@ der_put_int(unsigned char *p, size_t len, int val, size_t *size) if (val >= 0) { do { - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); *p-- = val % 256; len--; val /= 256; } while (val); if (p[1] >= 128) { - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); *p-- = 0; len--; @@ -1150,14 +1150,14 @@ der_put_int(unsigned char *p, size_t len, int val, size_t *size) } else { val = ~val; do { - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); *p-- = ~(val % 256); len--; val /= 256; } while (val); if (p[1] < 128) { - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); *p-- = 0xff; len--; @@ -1170,9 +1170,9 @@ der_put_int(unsigned char *p, size_t len, int val, size_t *size) static int der_put_length(unsigned char *p, size_t len, size_t val, size_t *size) { - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); - if (val < 128) { + if (val < 128U) { *p = val; *size = 1; return (0); @@ -1213,20 +1213,20 @@ der_put_oid(unsigned char *p, size_t len, for (n = data->length - 1; n >= 2; --n) { unsigned u = data->components[n]; - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); *p-- = u % 128; u /= 128; --len; while (u > 0) { - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); *p-- = 128 + u % 128; u /= 128; --len; } } - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); *p-- = 40 * data->components[0] + data->components[1]; *size = base - p; @@ -1237,7 +1237,7 @@ static int der_put_tag(unsigned char *p, size_t len, Der_class class, Der_type type, int tag, size_t *size) { - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); *p = (class << 6) | (type << 5) | tag; /* XXX */ *size = 1; @@ -1403,7 +1403,7 @@ gssapi_spnego_encapsulate(OM_uint32 * minor_status, } p = gssapi_mech_make_header(output_token->value, len, mech); if (p == NULL) { - if (output_token->length != 0) + if (output_token->length != 0U) gss_release_buffer(minor_status, output_token); return (GSS_S_FAILURE); } @@ -1451,7 +1451,7 @@ gssapi_krb5_get_mech(const u_char *ptr, const u_char *p = ptr; int e; - if (total_len < 1) + if (total_len < 1U) return (-1); if (*p++ != 0x60) return (-1); @@ -1521,7 +1521,7 @@ spnego_initial(OM_uint32 *minor_status, ret = major_status; goto end; } - if (krb5_output_token.length > 0) { + if (krb5_output_token.length > 0U) { token_init.mechToken = malloc(sizeof(*token_init.mechToken)); if (token_init.mechToken == NULL) { *minor_status = ENOMEM; @@ -1588,7 +1588,7 @@ end: token_init.mechToken = NULL; } free_NegTokenInit(&token_init); - if (krb5_output_token.length != 0) + if (krb5_output_token.length != 0U) gss_release_buffer(&minor_status2, &krb5_output_token); if (buf) free(buf); @@ -1758,7 +1758,7 @@ gss_init_sec_context_spnego(OM_uint32 *minor_status, /* Figure out whether we're starting over or processing a reply */ - if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) + if (input_token == GSS_C_NO_BUFFER || input_token->length == 0U) return (spnego_initial(minor_status, initiator_cred_handle, context_handle, diff --git a/lib/dns/ssu_external.c b/lib/dns/ssu_external.c index ac72a1f..3cb0d3e 100644 --- a/lib/dns/ssu_external.c +++ b/lib/dns/ssu_external.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ssu_external.c,v 1.7 2011-01-13 07:05:57 marka Exp $ */ +/* $Id: ssu_external.c,v 1.7.8.1 2011-03-21 19:53:34 each Exp $ */ /* * This implements external update-policy rules. This allows permission @@ -128,7 +128,7 @@ dns_ssu_external_match(dns_name_t *identity, char b_addr[ISC_NETADDR_FORMATSIZE]; char b_type[DNS_RDATATYPE_FORMATSIZE]; char b_key[DST_KEY_FORMATSIZE]; - isc_buffer_t *tkey_token; + isc_buffer_t *tkey_token = NULL; int fd; const char *sock_path; size_t req_len; @@ -154,33 +154,32 @@ dns_ssu_external_match(dns_name_t *identity, if (fd == -1) return (ISC_FALSE); - tkey_token = dst_key_tkeytoken(key); + if (key != NULL) { + dst_key_format(key, b_key, sizeof(b_key)); + tkey_token = dst_key_tkeytoken(key); + } else + b_key[0] = 0; + + if (tkey_token != NULL) { + isc_buffer_region(tkey_token, &token_region); + token_len = token_region.length; + } /* Format the request elements */ - if (signer) + if (signer != NULL) dns_name_format(signer, b_signer, sizeof(b_signer)); else b_signer[0] = 0; dns_name_format(name, b_name, sizeof(b_name)); - if (tcpaddr) + if (tcpaddr != NULL) isc_netaddr_format(tcpaddr, b_addr, sizeof(b_addr)); else b_addr[0] = 0; dns_rdatatype_format(type, b_type, sizeof(b_type)); - if (key) - dst_key_format(key, b_key, sizeof(b_key)); - else - b_key[0] = 0; - - if (tkey_token) { - isc_buffer_region(tkey_token, &token_region); - token_len = token_region.length; - } - /* Work out how big the request will be */ req_len = sizeof(isc_uint32_t) + /* Format version */ sizeof(isc_uint32_t) + /* Length */ diff --git a/lib/dns/time.c b/lib/dns/time.c index 3f55f19..a20a936 100644 --- a/lib/dns/time.c +++ b/lib/dns/time.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: time.c,v 1.35 2010-04-21 23:51:22 tbox Exp $ */ +/* $Id: time.c,v 1.35.132.2 2011-03-09 23:46:55 tbox Exp $ */ /*! \file */ @@ -28,6 +28,7 @@ #include <isc/print.h> #include <isc/region.h> +#include <isc/serial.h> #include <isc/stdtime.h> #include <isc/util.h> @@ -44,13 +45,21 @@ dns_time64_totext(isc_int64_t t, isc_buffer_t *target) { unsigned int l; isc_region_t region; - REQUIRE(t >= 0); - +/* + * Warning. Do NOT use arguments with side effects with these macros. + */ #define is_leap(y) ((((y) % 4) == 0 && ((y) % 100) != 0) || ((y) % 400) == 0) #define year_secs(y) ((is_leap(y) ? 366 : 365 ) * 86400) #define month_secs(m,y) ((days[m] + ((m == 1 && is_leap(y)) ? 1 : 0 )) * 86400) tm.tm_year = 70; + while (t < 0) { + if (tm.tm_year == 0) + return (ISC_R_RANGE); + tm.tm_year--; + secs = year_secs(tm.tm_year + 1900); + t += secs; + } while ((secs = year_secs(tm.tm_year + 1900)) <= t) { t -= secs; tm.tm_year++; @@ -98,7 +107,6 @@ isc_result_t dns_time32_totext(isc_uint32_t value, isc_buffer_t *target) { isc_stdtime_t now; isc_int64_t start; - isc_int64_t base; isc_int64_t t; /* @@ -109,12 +117,10 @@ dns_time32_totext(isc_uint32_t value, isc_buffer_t *target) { */ isc_stdtime_get(&now); start = (isc_int64_t) now; - start -= 0x7fffffff; - base = 0; - while ((t = (base + value)) < start) { - base += 0x80000000; - base += 0x80000000; - } + if (isc_serial_gt(value, now)) + t = start + (value - now); + else + t = start - (now - value); return (dns_time64_totext(t, target)); } @@ -145,7 +151,7 @@ dns_time64_fromtext(const char *source, isc_int64_t *target) { &year, &month, &day, &hour, &minute, &second) != 6) return (DNS_R_SYNTAX); - RANGE(1970, 9999, year); + RANGE(0, 9999, year); RANGE(1, 12, month); RANGE(1, days[month - 1] + ((month == 2 && is_leap(year)) ? 1 : 0), day); @@ -154,16 +160,24 @@ dns_time64_fromtext(const char *source, isc_int64_t *target) { RANGE(0, 60, second); /* 60 == leap second. */ /* - * Calculate seconds since epoch. + * Calculate seconds from epoch. + * Note: this uses a idealized calendar. */ value = second + (60 * minute) + (3600 * hour) + ((day - 1) * 86400); for (i = 0; i < (month - 1); i++) value += days[i] * 86400; if (is_leap(year) && month > 2) value += 86400; - for (i = 1970; i < year; i++) { - secs = (is_leap(i) ? 366 : 365) * 86400; - value += secs; + if (year < 1970) { + for (i = 1969; i >= year; i--) { + secs = (is_leap(i) ? 366 : 365) * 86400; + value -= secs; + } + } else { + for (i = 1970; i < year; i++) { + secs = (is_leap(i) ? 366 : 365) * 86400; + value += secs; + } } *target = value; diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c index a861ee3..887c356 100644 --- a/lib/dns/tkey.c +++ b/lib/dns/tkey.c @@ -16,7 +16,7 @@ */ /* - * $Id: tkey.c,v 1.100 2011-01-08 23:47:01 tbox Exp $ + * $Id: tkey.c,v 1.100.12.1 2011-03-11 06:47:05 marka Exp $ */ /*! \file */ #include <config.h> @@ -75,7 +75,9 @@ _dns_tkey_dumpmessage(dns_message_t *msg) { isc_buffer_init(&outbuf, output, sizeof(output)); result = dns_message_totext(msg, &dns_master_style_debug, 0, &outbuf); - /* XXXMLG ignore result */ + if (result != ISC_R_SUCCESS) + fprintf(stderr, "Warning: dns_message_totext returned: %s\n", + dns_result_totext(result)); fprintf(stderr, "%.*s\n", (int)isc_buffer_usedlength(&outbuf), (char *)isc_buffer_base(&outbuf)); } @@ -179,8 +181,10 @@ add_rdata_to_list(dns_message_t *msg, dns_name_t *name, dns_rdata_t *rdata, failure: if (newrdata != NULL) { - if (ISC_LINK_LINKED(newrdata, link)) + if (ISC_LINK_LINKED(newrdata, link)) { + INSIST(newlist != NULL); ISC_LIST_UNLINK(newlist->rdata, newrdata, link); + } dns_message_puttemprdata(msg, &newrdata); } if (newname != NULL) @@ -518,7 +522,7 @@ process_gsstkey(dns_name_t *name, dns_rdata_tkey_t *tkeyin, tkeyout->expire = expire; } else { tkeyout->inception = tsigkey->inception; - tkeyout->expire = tkeyout->expire; + tkeyout->expire = tsigkey->expire; dns_tsigkey_detach(&tsigkey); } diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c index cec5222..74ef8d4 100644 --- a/lib/dns/tsig.c +++ b/lib/dns/tsig.c @@ -16,7 +16,7 @@ */ /* - * $Id: tsig.c,v 1.147 2011-01-11 23:47:13 tbox Exp $ + * $Id: tsig.c,v 1.147.10.1 2011-03-21 19:53:34 each Exp $ */ /*! \file */ #include <config.h> @@ -619,7 +619,7 @@ restore_key(dns_tsig_keyring_t *ring, isc_stdtime_t now, FILE *fp) { result = dns_tsigkey_createfromkey(name, algorithm, dstkey, ISC_TRUE, creator, inception, expire, ring->mctx, ring, NULL); - if (result != ISC_R_SUCCESS && dstkey != NULL) + if (dstkey != NULL) dst_key_free(&dstkey); return (result); } diff --git a/lib/dns/ttl.c b/lib/dns/ttl.c index 3e41d63..d31503e 100644 --- a/lib/dns/ttl.c +++ b/lib/dns/ttl.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ttl.c,v 1.29 2007-06-19 23:47:16 tbox Exp $ */ +/* $Id: ttl.c,v 1.29.814.2 2011-03-12 04:59:18 tbox Exp $ */ /*! \file */ @@ -86,6 +86,7 @@ dns_ttl_totext(isc_uint32_t src, isc_boolean_t verbose, isc_buffer_t *target) { hours = src % 24; src /= 24; days = src % 7; src /= 7; weeks = src; src = 0; + POST(src); x = 0; if (weeks != 0) { diff --git a/lib/dns/validator.c b/lib/dns/validator.c index 6c0d38d..9c532a2 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.c,v 1.197.40.3 2011-06-21 20:15:54 each Exp $ */ +/* $Id: validator.c,v 1.197.14.7 2011-06-08 23:02:43 each Exp $ */ #include <config.h> @@ -330,7 +330,6 @@ isdelegation(dns_name_t *name, dns_rdataset_t *rdataset, dns_fixedname_init(&fixed); dns_name_downcase(name, dns_fixedname_name(&fixed), NULL); name = dns_fixedname_name(&fixed); - result = dns_rdataset_first(rdataset); for (result = dns_rdataset_first(rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(rdataset)) @@ -514,7 +513,8 @@ dsfetched(isc_task_t *task, isc_event_t *event) { result = validatezonekey(val); if (result != DNS_R_WAIT) validator_done(val, result); - } else if (eresult == DNS_R_NXRRSET || + } else if (eresult == DNS_R_CNAME || + eresult == DNS_R_NXRRSET || eresult == DNS_R_NCACHENXRRSET || eresult == DNS_R_SERVFAIL) /* RFC 1034 parent? */ { @@ -582,12 +582,16 @@ dsfetched2(isc_task_t *task, isc_event_t *event) { LOCK(&val->lock); if (CANCELED(val)) { validator_done(val, ISC_R_CANCELED); - } else if (eresult == DNS_R_NXRRSET || eresult == DNS_R_NCACHENXRRSET) { + } else if (eresult == DNS_R_CNAME || + eresult == DNS_R_NXRRSET || + eresult == DNS_R_NCACHENXRRSET) + { /* * There is no DS. If this is a delegation, we're done. */ tname = dns_fixedname_name(&devent->foundname); - if (isdelegation(tname, &val->frdataset, eresult)) { + if (eresult != DNS_R_CNAME && + isdelegation(tname, &val->frdataset, eresult)) { if (val->mustbesecure) { validator_log(val, ISC_LOG_WARNING, "must be secure failure, no DS" @@ -781,6 +785,60 @@ dsvalidated(isc_task_t *task, isc_event_t *event) { } /*% + * Callback when the CNAME record has been validated. + * + * Resumes validation of the unsecure zone proof. + */ +static void +cnamevalidated(isc_task_t *task, isc_event_t *event) { + dns_validatorevent_t *devent; + dns_validator_t *val; + isc_boolean_t want_destroy; + isc_result_t result; + isc_result_t eresult; + + UNUSED(task); + INSIST(event->ev_type == DNS_EVENT_VALIDATORDONE); + + devent = (dns_validatorevent_t *)event; + val = devent->ev_arg; + eresult = devent->result; + + isc_event_free(&event); + dns_validator_destroy(&val->subvalidator); + + INSIST(val->event != NULL); + INSIST((val->attributes & VALATTR_INSECURITY) != 0); + + validator_log(val, ISC_LOG_DEBUG(3), "in cnamevalidated"); + LOCK(&val->lock); + if (CANCELED(val)) { + validator_done(val, ISC_R_CANCELED); + } else if (eresult == ISC_R_SUCCESS) { + validator_log(val, ISC_LOG_DEBUG(3), "cname with trust %s", + dns_trust_totext(val->frdataset.trust)); + result = proveunsecure(val, ISC_FALSE, ISC_TRUE); + if (result != DNS_R_WAIT) + validator_done(val, result); + } else { + if (eresult != DNS_R_BROKENCHAIN) { + if (dns_rdataset_isassociated(&val->frdataset)) + dns_rdataset_expire(&val->frdataset); + if (dns_rdataset_isassociated(&val->fsigrdataset)) + dns_rdataset_expire(&val->fsigrdataset); + } + validator_log(val, ISC_LOG_DEBUG(3), + "cnamevalidated: got %s", + isc_result_totext(eresult)); + validator_done(val, DNS_R_BROKENCHAIN); + } + want_destroy = exit_check(val); + UNLOCK(&val->lock); + if (want_destroy) + destroy(val); +} + +/*% * Return ISC_R_SUCCESS if we can determine that the name doesn't exist * or we can determine whether there is data or not at the name. * If the name does not exist return the wildcard name. @@ -1236,7 +1294,6 @@ authvalidated(isc_task_t *task, isc_event_t *event) { dns_validatorevent_t *devent; dns_validator_t *val; dns_rdataset_t *rdataset; - dns_rdataset_t *sigrdataset; isc_boolean_t want_destroy; isc_result_t result; isc_boolean_t exists, data; @@ -1246,7 +1303,6 @@ authvalidated(isc_task_t *task, isc_event_t *event) { devent = (dns_validatorevent_t *)event; rdataset = devent->rdataset; - sigrdataset = devent->sigrdataset; val = devent->ev_arg; result = devent->result; dns_validator_destroy(&val->subvalidator); @@ -2004,7 +2060,8 @@ validate(dns_validator_t *val, isc_boolean_t resume) { isc_stdtime_get(&now); ttl = ISC_MIN(event->rdataset->ttl, - val->siginfo->timeexpire - now); + ISC_MIN(val->siginfo->originalttl, + val->siginfo->timeexpire - now)); event->rdataset->ttl = ttl; event->sigrdataset->ttl = ttl; } @@ -2454,8 +2511,10 @@ validatezonekey(dns_validator_t *val) { validator_log(val, ISC_LOG_DEBUG(2), "unsigned DS record"); return (DNS_R_NOVALIDSIG); - } else + } else { result = ISC_R_SUCCESS; + POST(result); + } } else if (result == ISC_R_NOTFOUND) { /* * We don't have the DS. Find it. @@ -2466,11 +2525,12 @@ validatezonekey(dns_validator_t *val) { if (result != ISC_R_SUCCESS) return (result); return (DNS_R_WAIT); - } else if (result == DNS_R_NCACHENXDOMAIN || + } else if (result == DNS_R_NCACHENXDOMAIN || result == DNS_R_NCACHENXRRSET || result == DNS_R_EMPTYNAME || result == DNS_R_NXDOMAIN || - result == DNS_R_NXRRSET) + result == DNS_R_NXRRSET || + result == DNS_R_CNAME) { /* * The DS does not exist. @@ -2855,6 +2915,7 @@ findnsec3proofs(dns_validator_t *val) { } if (result != ISC_R_NOMORE) result = ISC_R_SUCCESS; + POST(result); if (dns_name_countlabels(zonename) == 0) return (ISC_R_SUCCESS); @@ -2987,13 +3048,11 @@ validate_authority(dns_validator_t *val, isc_boolean_t resume) { * infinite loop. Avoid that. */ if (val->event->type == dns_rdatatype_dnskey && + rdataset->type == dns_rdatatype_nsec && dns_name_equal(name, val->event->name)) { dns_rdata_t nsec = DNS_RDATA_INIT; - if (rdataset->type != dns_rdatatype_nsec) - continue; - result = dns_rdataset_first(rdataset); if (result != ISC_R_SUCCESS) return (result); @@ -3067,13 +3126,11 @@ validate_ncache(dns_validator_t *val, isc_boolean_t resume) { * infinite loop. Avoid that. */ if (val->event->type == dns_rdatatype_dnskey && + rdataset->type == dns_rdatatype_nsec && dns_name_equal(name, val->event->name)) { dns_rdata_t nsec = DNS_RDATA_INIT; - if (rdataset->type != dns_rdatatype_nsec) - continue; - result = dns_rdataset_first(rdataset); if (result != ISC_R_SUCCESS) return (result); @@ -3744,6 +3801,20 @@ proveunsecure(dns_validator_t *val, isc_boolean_t have_ds, isc_boolean_t resume) return (startfinddlvsep(val, tname)); } continue; + } else if (result == DNS_R_CNAME) { + if (DNS_TRUST_PENDING(val->frdataset.trust) || + DNS_TRUST_ANSWER(val->frdataset.trust)) { + result = create_validator(val, tname, + dns_rdatatype_cname, + &val->frdataset, + NULL, cnamevalidated, + "proveunsecure " + "(cname)"); + if (result != ISC_R_SUCCESS) + goto out; + return (DNS_R_WAIT); + } + continue; } else if (result == ISC_R_SUCCESS) { /* * There is a DS here. Verify that it's secure and @@ -4014,9 +4085,9 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, isc_task_t *task, isc_taskaction_t action, void *arg, dns_validator_t **validatorp) { - isc_result_t result; + isc_result_t result = ISC_R_FAILURE; dns_validator_t *val; - isc_task_t *tclone; + isc_task_t *tclone = NULL; dns_validatorevent_t *event; REQUIRE(name != NULL); @@ -4024,9 +4095,6 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, (rdataset == NULL && sigrdataset == NULL && message != NULL)); REQUIRE(validatorp != NULL && *validatorp == NULL); - tclone = NULL; - result = ISC_R_FAILURE; - val = isc_mem_get(view->mctx, sizeof(*val)); if (val == NULL) return (ISC_R_NOMEMORY); diff --git a/lib/dns/view.c b/lib/dns/view.c index 24f925a..034c44e 100644 --- a/lib/dns/view.c +++ b/lib/dns/view.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: view.c,v 1.178 2011-01-13 09:53:04 marka Exp $ */ +/* $Id: view.c,v 1.178.8.1 2011-03-11 06:47:06 marka Exp $ */ /*! \file */ @@ -1160,7 +1160,7 @@ dns_view_findzonecut2(dns_view_t *view, dns_name_t *name, dns_name_t *fname, { isc_result_t result; dns_db_t *db; - isc_boolean_t is_cache, use_zone, try_hints, is_staticstub_zone; + isc_boolean_t is_cache, use_zone, try_hints; dns_zone_t *zone; dns_name_t *zfname; dns_rdataset_t zrdataset, zsigrdataset; @@ -1172,7 +1172,6 @@ dns_view_findzonecut2(dns_view_t *view, dns_name_t *name, dns_name_t *fname, db = NULL; zone = NULL; use_zone = ISC_FALSE; - is_staticstub_zone = ISC_FALSE; try_hints = ISC_FALSE; zfname = NULL; @@ -1188,11 +1187,8 @@ dns_view_findzonecut2(dns_view_t *view, dns_name_t *name, dns_name_t *fname, */ #ifdef BIND9 result = dns_zt_find(view->zonetable, name, 0, NULL, &zone); - if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) { + if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) result = dns_zone_getdb(zone, &db); - if (dns_zone_gettype(zone) == dns_zone_staticstub) - is_staticstub_zone = ISC_TRUE; - } #else result = ISC_R_NOTFOUND; #endif @@ -1391,6 +1387,7 @@ dns_viewlist_findzone(dns_viewlist_t *list, dns_name_t *name, if (result == DNS_R_PARTIALMATCH) { dns_zone_detach(zp); result = ISC_R_NOTFOUND; + POST(result); } if (zone2 != NULL) { diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index 210bca9..f87344b 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrin.c,v 1.166.522.2.2.1 2011-06-02 23:47:35 tbox Exp $ */ +/* $Id: xfrin.c,v 1.166.522.4 2011-03-11 06:47:06 marka Exp $ */ /*! \file */ @@ -1247,7 +1247,7 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { result = DNS_R_UNEXPECTEDID; if (xfr->reqtype == dns_rdatatype_axfr || xfr->reqtype == dns_rdatatype_soa) - FAIL(result); + goto failure; xfrin_log(xfr, ISC_LOG_DEBUG(3), "got %s, retrying with AXFR", isc_result_totext(result)); try_axfr: @@ -1283,7 +1283,7 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { if (result != ISC_R_SUCCESS) { xfrin_log(xfr, ISC_LOG_DEBUG(3), "TSIG check failed: %s", isc_result_totext(result)); - FAIL(result); + goto failure; } for (result = dns_message_firstname(msg, DNS_SECTION_ANSWER); diff --git a/lib/dns/zone.c b/lib/dns/zone.c index c727c2e..9e05684 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.c,v 1.582.8.7 2011-02-18 23:23:08 each Exp $ */ +/* $Id: zone.c,v 1.582.8.26 2011-08-09 02:34:24 marka Exp $ */ /*! \file */ @@ -109,12 +109,20 @@ #define NSEC3REMOVE(x) (((x) & DNS_NSEC3FLAG_REMOVE) != 0) +/*% + * Key flags + */ +#define REVOKE(x) ((dst_key_flags(x) & DNS_KEYFLAG_REVOKE) != 0) +#define KSK(x) ((dst_key_flags(x) & DNS_KEYFLAG_KSK) != 0) +#define ALG(x) dst_key_alg(x) + /* * Default values. */ #define DNS_DEFAULT_IDLEIN 3600 /*%< 1 hour */ #define DNS_DEFAULT_IDLEOUT 3600 /*%< 1 hour */ #define MAX_XFER_TIME (2*3600) /*%< Documented default is 2 hours */ +#define RESIGN_DELAY 3600 /*%< 1 hour */ #ifndef DNS_MAX_EXPIRE #define DNS_MAX_EXPIRE 14515200 /*%< 24 weeks */ @@ -213,6 +221,7 @@ struct dns_zone { isc_uint32_t expire; isc_uint32_t minimum; isc_stdtime_t key_expiry; + isc_stdtime_t log_key_expired_timer; char *keydirectory; isc_uint32_t maxrefresh; @@ -660,6 +669,8 @@ static isc_result_t delete_nsec(dns_db_t *db, dns_dbversion_t *ver, dns_dbnode_t *node, dns_name_t *name, dns_diff_t *diff); static void zone_rekey(dns_zone_t *zone); +static isc_boolean_t delsig_ok(dns_rdata_rrsig_t *rrsig_ptr, + dst_key_t **keys, unsigned int nkeys); #define ENTER zone_debuglog(zone, me, 1, "enter") @@ -805,6 +816,7 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) { zone->timer = NULL; zone->idlein = DNS_DEFAULT_IDLEIN; zone->idleout = DNS_DEFAULT_IDLEOUT; + zone->log_key_expired_timer = 0; ISC_LIST_INIT(zone->notifies); isc_sockaddr_any(&zone->notifysrc4); isc_sockaddr_any6(&zone->notifysrc6); @@ -1379,6 +1391,7 @@ zone_load(dns_zone_t *zone, unsigned int flags) { isc_time_t now; isc_time_t loadtime, filetime; dns_db_t *db = NULL; + isc_boolean_t rbt; REQUIRE(DNS_ZONE_VALID(zone)); @@ -1394,14 +1407,15 @@ zone_load(dns_zone_t *zone, unsigned int flags) { goto cleanup; } - if (zone->db != NULL && zone->masterfile == NULL) { + + INSIST(zone->db_argc >= 1); + + rbt = strcmp(zone->db_argv[0], "rbt") == 0 || + strcmp(zone->db_argv[0], "rbt64") == 0; + + if (zone->db != NULL && zone->masterfile == NULL && rbt) { /* - * The zone has no master file configured, but it already - * has a database. It could be the built-in - * version.bind. CH zone, a zone with a persistent - * database being reloaded, or maybe a zone that - * used to have a master file but whose configuration - * was changed so that it no longer has one. Do nothing. + * The zone has no master file configured. */ result = ISC_R_SUCCESS; goto cleanup; @@ -1420,7 +1434,6 @@ zone_load(dns_zone_t *zone, unsigned int flags) { goto cleanup; } - /* * Store the current time before the zone is loaded, so that if the * file changes between the time of the load and the time that @@ -1463,21 +1476,20 @@ zone_load(dns_zone_t *zone, unsigned int flags) { } } - INSIST(zone->db_argc >= 1); - /* - * Built in zones don't need to be reloaded. + * Built in zones (with the exception of empty zones) don't need + * to be reloaded. */ if (zone->type == dns_zone_master && strcmp(zone->db_argv[0], "_builtin") == 0 && + (zone->db_argc < 2 || strcmp(zone->db_argv[1], "empty") != 0) && DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) { result = ISC_R_SUCCESS; goto cleanup; } if ((zone->type == dns_zone_slave || zone->type == dns_zone_stub) && - (strcmp(zone->db_argv[0], "rbt") == 0 || - strcmp(zone->db_argv[0], "rbt64") == 0)) { + rbt) { if (zone->masterfile == NULL || !isc_file_exists(zone->masterfile)) { if (zone->masterfile != NULL) { @@ -1993,8 +2005,7 @@ zone_check_glue(dns_zone_t *zone, dns_db_t *db, dns_name_t *name, dns_rdataset_disassociate(&aaaa); return (answer); } - } else - tresult = result; + } dns_name_format(owner, ownerbuf, sizeof ownerbuf); dns_name_format(name, namebuf, sizeof namebuf); @@ -2840,16 +2851,15 @@ compute_tag(dns_name_t *name, dns_rdata_dnskey_t *dnskey, isc_mem_t *mctx, } /* - * Add key to the security roots for all views. + * Add key to the security roots. */ static void -trust_key(dns_viewlist_t *viewlist, dns_name_t *keyname, +trust_key(dns_zone_t *zone, dns_name_t *keyname, dns_rdata_dnskey_t *dnskey, isc_mem_t *mctx) { isc_result_t result; dns_rdata_t rdata = DNS_RDATA_INIT; unsigned char data[4096]; isc_buffer_t buffer; - dns_view_t *view; dns_keytable_t *sr = NULL; dst_key_t *dstkey = NULL; @@ -2858,17 +2868,13 @@ trust_key(dns_viewlist_t *viewlist, dns_name_t *keyname, dns_rdata_fromstruct(&rdata, dnskey->common.rdclass, dns_rdatatype_dnskey, dnskey, &buffer); - for (view = ISC_LIST_HEAD(*viewlist); view != NULL; - view = ISC_LIST_NEXT(view, link)) { - - result = dns_view_getsecroots(view, &sr); - if (result != ISC_R_SUCCESS) - continue; + result = dns_view_getsecroots(zone->view, &sr); + if (result != ISC_R_SUCCESS) + goto failure; - CHECK(dns_dnssec_keyfromrdata(keyname, &rdata, mctx, &dstkey)); - CHECK(dns_keytable_add(sr, ISC_TRUE, &dstkey)); - dns_keytable_detach(&sr); - } + CHECK(dns_dnssec_keyfromrdata(keyname, &rdata, mctx, &dstkey)); + CHECK(dns_keytable_add(sr, ISC_TRUE, &dstkey)); + dns_keytable_detach(&sr); failure: if (dstkey != NULL) @@ -2879,37 +2885,16 @@ trust_key(dns_viewlist_t *viewlist, dns_name_t *keyname, } /* - * Remove key from the security roots for all views. - */ -static void -untrust_key(dns_viewlist_t *viewlist, dns_name_t *keyname, isc_mem_t *mctx, - dns_rdata_dnskey_t *dnskey) -{ - dns_view_t *view; - - for (view = ISC_LIST_HEAD(*viewlist); view != NULL; - view = ISC_LIST_NEXT(view, link)) - dns_view_untrust(view, keyname, dnskey, mctx); -} - -/* - * Add a null key to the security roots for all views, so that all queries + * Add a null key to the security roots for so that all queries * to the zone will fail. */ static void -fail_secure(dns_viewlist_t *viewlist, dns_name_t *keyname) { +fail_secure(dns_zone_t *zone, dns_name_t *keyname) { isc_result_t result; - dns_view_t *view; - - for (view = ISC_LIST_HEAD(*viewlist); - view != NULL; - view = ISC_LIST_NEXT(view, link)) { - dns_keytable_t *sr = NULL; - - result = dns_view_getsecroots(view, &sr); - if (result != ISC_R_SUCCESS) - continue; + dns_keytable_t *sr = NULL; + result = dns_view_getsecroots(zone->view, &sr); + if (result == ISC_R_SUCCESS) { dns_keytable_marksecure(sr, keyname); dns_keytable_detach(&sr); } @@ -2917,8 +2902,7 @@ fail_secure(dns_viewlist_t *viewlist, dns_name_t *keyname) { /* * Scan a set of KEYDATA records from the key zone. The ones that are - * valid (i.e., the add holddown timer has expired) become trusted keys for - * all views. + * valid (i.e., the add holddown timer has expired) become trusted keys. */ static void load_secroots(dns_zone_t *zone, dns_name_t *name, dns_rdataset_t *rdataset) { @@ -2927,22 +2911,14 @@ load_secroots(dns_zone_t *zone, dns_name_t *name, dns_rdataset_t *rdataset) { dns_rdata_keydata_t keydata; dns_rdata_dnskey_t dnskey; isc_mem_t *mctx = zone->mctx; - dns_view_t *view = zone->view; - dns_viewlist_t *viewlist = view->viewlist; int trusted = 0, revoked = 0, pending = 0; isc_stdtime_t now; + dns_keytable_t *sr = NULL; isc_stdtime_get(&now); - /* For each view, delete references to this key from secroots. */ - for (view = ISC_LIST_HEAD(*viewlist); view != NULL; - view = ISC_LIST_NEXT(view, link)) { - dns_keytable_t *sr = NULL; - - result = dns_view_getsecroots(view, &sr); - if (result != ISC_R_SUCCESS) - continue; - + result = dns_view_getsecroots(zone->view, &sr); + if (result == ISC_R_SUCCESS) { dns_keytable_delete(sr, name); dns_keytable_detach(&sr); } @@ -2980,7 +2956,7 @@ load_secroots(dns_zone_t *zone, dns_name_t *name, dns_rdataset_t *rdataset) { /* Add to keytables. */ trusted++; - trust_key(viewlist, name, &dnskey, mctx); + trust_key(zone, name, &dnskey, mctx); } if (trusted == 0 && pending != 0) { @@ -2993,7 +2969,7 @@ load_secroots(dns_zone_t *zone, dns_name_t *name, dns_rdataset_t *rdataset) { revoked, pending); dns_zone_log(zone, ISC_LOG_ERROR, "All queries to '%s' will fail", namebuf); - fail_secure(viewlist, name); + fail_secure(zone, name); } } @@ -3167,6 +3143,7 @@ static isc_result_t sync_keyzone(dns_zone_t *zone, dns_db_t *db) { isc_result_t result = ISC_R_SUCCESS; isc_boolean_t changed = ISC_FALSE; + isc_boolean_t commit = ISC_FALSE; dns_rbtnodechain_t chain; dns_fixedname_t fn; dns_name_t foundname, *origin; @@ -3288,12 +3265,12 @@ sync_keyzone(dns_zone_t *zone, dns_db_t *db) { if (changed) { /* Write changes to journal file. */ - result = increment_soa_serial(db, ver, &diff, zone->mctx); - if (result == ISC_R_SUCCESS) - zone_journal(zone, &diff, "sync_keyzone"); + CHECK(increment_soa_serial(db, ver, &diff, zone->mctx)); + CHECK(zone_journal(zone, &diff, "sync_keyzone")); DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED); zone_needdump(zone, 30); + commit = ISC_TRUE; } failure: @@ -3302,7 +3279,7 @@ sync_keyzone(dns_zone_t *zone, dns_db_t *db) { if (sr != NULL) dns_keytable_detach(&sr); if (ver != NULL) - dns_db_closeversion(db, &ver, changed); + dns_db_closeversion(db, &ver, commit); dns_diff_clear(&diff); return (result); @@ -3500,7 +3477,8 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, dns_zone_log(zone, ISC_LOG_ERROR, "zone serial (%u/%u) has gone " "backwards", serial, oldserial); - else if (serial == oldserial && !hasinclude) + else if (serial == oldserial && !hasinclude && + strcmp(zone->db_argv[0], "_builtin") != 0) dns_zone_log(zone, ISC_LOG_ERROR, "zone serial (%u) unchanged. " "zone may fail to transfer " @@ -3617,6 +3595,39 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, resume_signingwithkey(zone); resume_addnsec3chain(zone); } + + if (zone->type == dns_zone_master && + zone_isdynamic(zone) && + dns_db_issecure(db)) { + dns_name_t *name; + dns_fixedname_t fixed; + dns_rdataset_t next; + + dns_rdataset_init(&next); + dns_fixedname_init(&fixed); + name = dns_fixedname_name(&fixed); + + result = dns_db_getsigningtime(db, &next, name); + if (result == ISC_R_SUCCESS) { + isc_stdtime_t timenow; + char namebuf[DNS_NAME_FORMATSIZE]; + char typebuf[DNS_RDATATYPE_FORMATSIZE]; + + isc_stdtime_get(&timenow); + dns_name_format(name, namebuf, sizeof(namebuf)); + dns_rdatatype_format(next.covers, + typebuf, sizeof(typebuf)); + dns_zone_log(zone, ISC_LOG_DEBUG(3), + "next resign: %s/%s in %d seconds", + namebuf, typebuf, + next.resign - timenow); + dns_rdataset_disassociate(&next); + } else + dns_zone_log(zone, ISC_LOG_WARNING, + "signed dynamic zone has no " + "resign event scheduled"); + } + zone_settimer(zone, &now); } @@ -4520,6 +4531,7 @@ static void set_key_expiry_warning(dns_zone_t *zone, isc_stdtime_t when, isc_stdtime_t now) { unsigned int delta; + char timebuf[80]; zone->key_expiry = when; if (when <= now) { @@ -4527,20 +4539,57 @@ set_key_expiry_warning(dns_zone_t *zone, isc_stdtime_t when, isc_stdtime_t now) "DNSKEY RRSIG(s) have expired"); isc_time_settoepoch(&zone->keywarntime); } else if (when < now + 7 * 24 * 3600) { + isc_time_t t; + isc_time_set(&t, when, 0); + isc_time_formattimestamp(&t, timebuf, 80); dns_zone_log(zone, ISC_LOG_WARNING, - "DNSKEY RRSIG(s) will expire at %u", - when); /* XXXMPA convert to date. */ + "DNSKEY RRSIG(s) will expire within 7 days: %s", + timebuf); delta = when - now; delta--; /* loop prevention */ delta /= 24 * 3600; /* to whole days */ delta *= 24 * 3600; /* to seconds */ isc_time_set(&zone->keywarntime, when - delta, 0); } else { - dns_zone_log(zone, ISC_LOG_NOTICE, /* XXMPA ISC_LOG_DEBUG(1) */ - "setting keywarntime to %u - 7 days", - when); /* XXXMPA convert to date. */ isc_time_set(&zone->keywarntime, when - 7 * 24 * 3600, 0); + isc_time_formattimestamp(&zone->refreshkeytime, timebuf, 80); + dns_zone_log(zone, ISC_LOG_NOTICE, + "setting keywarntime to %s", timebuf); + } +} + +/* + * Helper function to del_sigs(). We don't want to delete RRSIGs that + * have no new key. + */ +static isc_boolean_t +delsig_ok(dns_rdata_rrsig_t *rrsig_ptr, dst_key_t **keys, unsigned int nkeys) { + unsigned int i = 0; + + /* + * It's okay to delete a signature if there is an active ZSK + * with the same algorithm + */ + for (i = 0; i < nkeys; i++) { + if (rrsig_ptr->algorithm == dst_key_alg(keys[i]) && + (dst_key_isprivate(keys[i])) && !KSK(keys[i])) + return (ISC_TRUE); + } + + /* + * Failing that, it is *not* okay to delete a signature + * if the associated public key is still in the DNSKEY RRset + */ + for (i = 0; i < nkeys; i++) { + if ((rrsig_ptr->algorithm == dst_key_alg(keys[i])) && + (rrsig_ptr->keyid == dst_key_id(keys[i]))) + return (ISC_FALSE); } + + /* + * But if the key is gone, then go ahead. + */ + return (ISC_TRUE); } /* @@ -4550,7 +4599,7 @@ set_key_expiry_warning(dns_zone_t *zone, isc_stdtime_t when, isc_stdtime_t now) static isc_result_t del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_rdatatype_t type, dns_diff_t *diff, dst_key_t **keys, - unsigned int nkeys, isc_stdtime_t now) + unsigned int nkeys, isc_stdtime_t now, isc_boolean_t incremental) { isc_result_t result; dns_dbnode_t *node = NULL; @@ -4558,7 +4607,7 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_rdata_t rdata = DNS_RDATA_INIT; unsigned int i; dns_rdata_rrsig_t rrsig; - isc_boolean_t found; + isc_boolean_t found, changed; isc_stdtime_t warn = 0, maybe = 0; dns_rdataset_init(&rdataset); @@ -4584,6 +4633,7 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, goto failure; } + changed = ISC_FALSE; for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(&rdataset)) { @@ -4592,12 +4642,56 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, RUNTIME_CHECK(result == ISC_R_SUCCESS); if (type != dns_rdatatype_dnskey) { - result = update_one_rr(db, ver, diff, + if (delsig_ok(&rrsig, keys, nkeys)) { + result = update_one_rr(db, ver, diff, DNS_DIFFOP_DELRESIGN, name, rdataset.ttl, &rdata); - dns_rdata_reset(&rdata); - if (result != ISC_R_SUCCESS) - break; + if (incremental) + changed = ISC_TRUE; + dns_rdata_reset(&rdata); + if (result != ISC_R_SUCCESS) + break; + } else { + /* + * At this point, we've got an RRSIG, + * which is signed by an inactive key. + * An administrator needs to provide a new + * key/alg, but until that time, we want to + * keep the old RRSIG. Marking the key as + * offline will prevent us spinning waiting + * for the private part. + */ + if (incremental) { + result = offline(db, ver, diff, name, + rdataset.ttl, &rdata); + changed = ISC_TRUE; + if (result != ISC_R_SUCCESS) + break; + } + + /* + * Log the key id and algorithm of + * the inactive key with no replacement + */ + if (zone->log_key_expired_timer <= now) { + char origin[DNS_NAME_FORMATSIZE]; + char algbuf[DNS_NAME_FORMATSIZE]; + dns_name_format(&zone->origin, origin, + sizeof(origin)); + dns_secalg_format(rrsig.algorithm, + algbuf, + sizeof(algbuf)); + dns_zone_log(zone, ISC_LOG_WARNING, + "Key %s/%s/%d " + "missing or inactive " + "and has no replacement: " + "retaining signatures.", + origin, algbuf, + rrsig.keyid); + zone->log_key_expired_timer = now + + 3600; + } + } continue; } @@ -4641,6 +4735,7 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, break; } } + /* * If there is not a matching DNSKEY then * delete the RRSIG. @@ -4653,6 +4748,10 @@ del_sigs(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, if (result != ISC_R_SUCCESS) break; } + + if (changed && (rdataset.attributes & DNS_RDATASETATTR_RESIGN) != 0) + dns_db_resigned(db, &rdataset, ver); + dns_rdataset_disassociate(&rdataset); if (result == ISC_R_NOMORE) result = ISC_R_SUCCESS; @@ -4702,10 +4801,6 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, goto failure; } -#define REVOKE(x) ((dst_key_flags(x) & DNS_KEYFLAG_REVOKE) != 0) -#define KSK(x) ((dst_key_flags(x) & DNS_KEYFLAG_KSK) != 0) -#define ALG(x) dst_key_alg(x) - for (i = 0; i < nkeys; i++) { isc_boolean_t both = ISC_FALSE; @@ -4844,6 +4939,8 @@ zone_resigninc(dns_zone_t *zone) { while (result == ISC_R_SUCCESS) { resign = rdataset.resign; covers = rdataset.covers; + dns_rdataset_disassociate(&rdataset); + /* * Stop if we hit the SOA as that means we have walked the * entire zone. The SOA record should always be the most @@ -4851,27 +4948,18 @@ zone_resigninc(dns_zone_t *zone) { */ /* XXXMPA increase number of RRsets signed pre call */ if (covers == dns_rdatatype_soa || i++ > zone->signatures || - resign > stop) { - /* - * Ensure that we don't loop resigning the SOA. - */ - if (covers == dns_rdatatype_soa) - dns_db_resigned(db, &rdataset, version); - dns_rdataset_disassociate(&rdataset); + resign > stop) break; - } - - dns_db_resigned(db, &rdataset, version); - dns_rdataset_disassociate(&rdataset); result = del_sigs(zone, db, version, name, covers, &sig_diff, - zone_keys, nkeys, now); + zone_keys, nkeys, now, ISC_TRUE); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_resigninc:del_sigs -> %s\n", dns_result_totext(result)); break; } + result = add_sigs(db, version, name, covers, &sig_diff, zone_keys, nkeys, zone->mctx, inception, expire, check_ksk, keyset_kskonly); @@ -4897,7 +4985,7 @@ zone_resigninc(dns_zone_t *zone) { goto failure; result = del_sigs(zone, db, version, &zone->origin, dns_rdatatype_soa, - &sig_diff, zone_keys, nkeys, now); + &sig_diff, zone_keys, nkeys, now, ISC_TRUE); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_resigninc:del_sigs -> %s\n", @@ -4905,6 +4993,13 @@ zone_resigninc(dns_zone_t *zone) { goto failure; } + /* + * Did we change anything in the zone? + */ + if (ISC_LIST_EMPTY(sig_diff.tuples)) + goto failure; + + /* Increment SOA serial if we have made changes */ result = increment_soa_serial(db, version, &sig_diff, zone->mctx); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, @@ -4928,7 +5023,7 @@ zone_resigninc(dns_zone_t *zone) { } /* Write changes to journal file. */ - zone_journal(zone, &sig_diff, "zone_resigninc"); + CHECK(zone_journal(zone, &sig_diff, "zone_resigninc")); /* Everything has succeeded. Commit the changes. */ dns_db_closeversion(db, &version, ISC_TRUE); @@ -5614,7 +5709,7 @@ update_sigs(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *version, tuple = ISC_LIST_HEAD(diff->tuples)) { result = del_sigs(zone, db, version, &tuple->name, tuple->rdata.type, sig_diff, - zone_keys, nkeys, now); + zone_keys, nkeys, now, ISC_FALSE); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "update_sigs:del_sigs -> %s\n", @@ -5668,11 +5763,11 @@ zone_nsec3chain(dns_zone_t *zone) { dns_nsec3chainlist_t cleanup; dst_key_t *zone_keys[MAXZONEKEYS]; isc_int32_t signatures; - isc_boolean_t check_ksk, keyset_kskonly, is_ksk; + isc_boolean_t check_ksk, keyset_kskonly; isc_boolean_t delegation; isc_boolean_t first; isc_result_t result; - isc_stdtime_t now, inception, soaexpire, expire, stop; + isc_stdtime_t now, inception, soaexpire, expire; isc_uint32_t jitter; unsigned int i; unsigned int nkeys = 0; @@ -5737,7 +5832,6 @@ zone_nsec3chain(dns_zone_t *zone) { */ isc_random_get(&jitter); expire = soaexpire - jitter % 3600; - stop = now + 5; check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK); keyset_kskonly = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_DNSKEYKSKONLY); @@ -5783,8 +5877,6 @@ zone_nsec3chain(dns_zone_t *zone) { if (NSEC3REMOVE(nsec3chain->nsec3param.flags)) goto next_addchain; - is_ksk = ISC_FALSE; - delegation = ISC_FALSE; dns_dbiterator_current(nsec3chain->dbiterator, &node, name); if (nsec3chain->delete_nsec) { @@ -6170,6 +6262,12 @@ zone_nsec3chain(dns_zone_t *zone) { result = dns_db_getoriginnode(db, &node); RUNTIME_CHECK(result == ISC_R_SUCCESS); result = dns_db_allrdatasets(db, node, version, 0, &iterator); + if (result != ISC_R_SUCCESS) { + dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" + "dns_db_allrdatasets -> %s\n", + dns_result_totext(result)); + goto failure; + } for (result = dns_rdatasetiter_first(iterator); result == ISC_R_SUCCESS; result = dns_rdatasetiter_next(iterator)) { @@ -6267,7 +6365,7 @@ zone_nsec3chain(dns_zone_t *zone) { goto done; result = del_sigs(zone, db, version, &zone->origin, dns_rdatatype_soa, - &sig_diff, zone_keys, nkeys, now); + &sig_diff, zone_keys, nkeys, now, ISC_FALSE); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_nsec3chain:" "del_sigs -> %s\n", dns_result_totext(result)); @@ -6292,10 +6390,11 @@ zone_nsec3chain(dns_zone_t *zone) { } /* Write changes to journal file. */ - zone_journal(zone, &sig_diff, "zone_nsec3chain"); + CHECK(zone_journal(zone, &sig_diff, "zone_nsec3chain")); LOCK_ZONE(zone); zone_needdump(zone, DNS_DUMP_DELAY); + DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY); UNLOCK_ZONE(zone); done: @@ -6502,12 +6601,11 @@ zone_sign(dns_zone_t *zone) { isc_boolean_t build_nsec3 = ISC_FALSE; isc_boolean_t first; isc_result_t result; - isc_stdtime_t now, inception, soaexpire, expire, stop; + isc_stdtime_t now, inception, soaexpire, expire; isc_uint32_t jitter; unsigned int i, j; unsigned int nkeys = 0; isc_uint32_t nodes; - isc_boolean_t was_ksk; dns_rdataset_init(&rdataset); dns_fixedname_init(&fixed); @@ -6559,7 +6657,6 @@ zone_sign(dns_zone_t *zone) { */ isc_random_get(&jitter); expire = soaexpire - jitter % 3600; - stop = now + 5; /* * We keep pulling nodes off each iterator in turn until @@ -6604,8 +6701,6 @@ zone_sign(dns_zone_t *zone) { delegation = ISC_FALSE; - was_ksk = ISC_FALSE; - if (first && signing->delete) { /* * Remove the key we are deleting from consideration. @@ -6831,7 +6926,7 @@ zone_sign(dns_zone_t *zone) { commit = ISC_TRUE; result = del_sigs(zone, db, version, &zone->origin, dns_rdatatype_soa, - &sig_diff, zone_keys, nkeys, now); + &sig_diff, zone_keys, nkeys, now, ISC_FALSE); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_sign:del_sigs -> %s\n", @@ -6864,9 +6959,7 @@ zone_sign(dns_zone_t *zone) { /* * Write changes to journal file. */ - result = zone_journal(zone, &sig_diff, "zone_sign"); - if (result != ISC_R_SUCCESS) - goto failure; + CHECK(zone_journal(zone, &sig_diff, "zone_sign")); pauseall: /* @@ -7048,6 +7141,7 @@ refresh_time(dns_keyfetch_t *kfetch, isc_boolean_t retry) { dns_rdataset_current(rdset, &sigrr); result = dns_rdata_tostruct(&sigrr, &sig, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); if (!retry) { t = sig.originalttl / 2; @@ -7215,8 +7309,8 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { dns_keytable_t *secroots = NULL; dns_dbversion_t *ver = NULL; dns_diff_t diff; - isc_boolean_t changed = ISC_FALSE; isc_boolean_t alldone = ISC_FALSE; + isc_boolean_t commit = ISC_FALSE; dns_name_t *keyname; dns_rdata_t sigrr = DNS_RDATA_INIT; dns_rdata_t dnskeyrr = DNS_RDATA_INIT; @@ -7232,6 +7326,7 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { isc_stdtime_t now; int pending = 0; isc_boolean_t secure; + isc_boolean_t free_needed; UNUSED(task); INSIST(event != NULL && event->ev_type == DNS_EVENT_FETCHDONE); @@ -7253,15 +7348,20 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { isc_event_free(&event); dns_resolver_destroyfetch(&kfetch->fetch); + LOCK_ZONE(zone); + if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING) || zone->view == NULL) + goto cleanup; + isc_stdtime_get(&now); dns_name_format(keyname, namebuf, sizeof(namebuf)); result = dns_view_getsecroots(zone->view, &secroots); INSIST(result == ISC_R_SUCCESS); - LOCK_ZONE(zone); - dns_db_newversion(kfetch->db, &ver); dns_diff_init(mctx, &diff); + diff.resign = zone->sigresigninginterval; + + CHECK(dns_db_newversion(kfetch->db, &ver)); zone->refreshkeycount--; alldone = ISC_TF(zone->refreshkeycount == 0); @@ -7276,8 +7376,7 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { "Unable to fetch DNSKEY set " "'%s': %s", namebuf, dns_result_totext(eresult)); CHECK(minimal_update(kfetch, ver, &diff)); - changed = ISC_TRUE; - goto failure; + goto done; } /* No RRSIGs found */ @@ -7286,8 +7385,7 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { "No DNSKEY RRSIGs found for " "'%s': %s", namebuf, dns_result_totext(eresult)); CHECK(minimal_update(kfetch, ver, &diff)); - changed = ISC_TRUE; - goto failure; + goto done; } /* @@ -7415,7 +7513,6 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { CHECK(update_one_rr(kfetch->db, ver, &diff, DNS_DIFFOP_DEL, keyname, 0, &keydatarr)); - changed = ISC_TRUE; } if (!secure || deletekey) @@ -7431,7 +7528,6 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { CHECK(update_one_rr(kfetch->db, ver, &diff, DNS_DIFFOP_ADD, keyname, 0, &keydatarr)); - changed = ISC_TRUE; set_refreshkeytimer(zone, &keydata, now); } @@ -7486,8 +7582,8 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { deletekey = ISC_TRUE; } else if (keydata.removehd == 0) { /* Remove from secroots */ - untrust_key(zone->view->viewlist, - keyname, mctx, &dnskey); + dns_view_untrust(zone->view, keyname, + &dnskey, mctx); /* If initializing, delete now */ if (keydata.addhd == 0) @@ -7555,12 +7651,10 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { } /* Delete old version */ - if (deletekey || !newkey) { + if (deletekey || !newkey) CHECK(update_one_rr(kfetch->db, ver, &diff, DNS_DIFFOP_DEL, keyname, 0, &keydatarr)); - changed = ISC_TRUE; - } if (updatekey) { /* Set refresh timer */ @@ -7575,7 +7669,6 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { CHECK(update_one_rr(kfetch->db, ver, &diff, DNS_DIFFOP_ADD, keyname, 0, &keydatarr)); - changed = ISC_TRUE; } else if (newkey) { /* Convert DNSKEY to KEYDATA */ dns_rdata_tostruct(&dnskeyrr, &dnskey, NULL); @@ -7593,14 +7686,12 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { CHECK(update_one_rr(kfetch->db, ver, &diff, DNS_DIFFOP_ADD, keyname, 0, &keydatarr)); - changed = ISC_TRUE; } if (trustkey) { - /* Trust this key in all views */ + /* Trust this key. */ dns_rdata_tostruct(&dnskeyrr, &dnskey, NULL); - trust_key(zone->view->viewlist, keyname, &dnskey, - mctx); + trust_key(zone, keyname, &dnskey, mctx); } if (!deletekey) @@ -7617,27 +7708,32 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { * the security roots; then all queries to the zone will fail. */ if (pending != 0) - fail_secure(zone->view->viewlist, keyname); + fail_secure(zone, keyname); + + done: + + if (!ISC_LIST_EMPTY(diff.tuples)) { + /* Write changes to journal file. */ + CHECK(increment_soa_serial(kfetch->db, ver, &diff, mctx)); + CHECK(zone_journal(zone, &diff, "keyfetch_done")); + commit = ISC_TRUE; - failure: - if (changed) { DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED); zone_needdump(zone, 30); } - UNLOCK_ZONE(zone); - - /* Write changes to journal file. */ - if (alldone) { - result = increment_soa_serial(kfetch->db, ver, &diff, mctx); - if (result == ISC_R_SUCCESS) - result = zone_journal(zone, &diff, "keyfetch_done"); - } + failure: dns_diff_clear(&diff); - dns_db_closeversion(kfetch->db, &ver, changed); + if (ver != NULL) + dns_db_closeversion(kfetch->db, &ver, commit); + + cleanup: dns_db_detach(&kfetch->db); - dns_zone_detach(&kfetch->zone); + + INSIST(zone->irefs > 0); + zone->irefs--; + kfetch->zone = NULL; if (dns_rdataset_isassociated(&kfetch->keydataset)) dns_rdataset_disassociate(&kfetch->keydataset); @@ -7652,6 +7748,11 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) { if (secroots != NULL) dns_keytable_detach(&secroots); + + free_needed = exit_check(zone); + UNLOCK_ZONE(zone); + if (free_needed) + zone_free(zone); } /* @@ -7676,14 +7777,21 @@ zone_refreshkeys(dns_zone_t *zone) { isc_stdtime_get(&now); + LOCK_ZONE(zone); + if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) { + isc_time_settoepoch(&zone->refreshkeytime); + UNLOCK_ZONE(zone); + return; + } + ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read); dns_db_attach(zone->db, &db); ZONEDB_UNLOCK(&zone->dblock, isc_rwlocktype_read); - LOCK_ZONE(zone); - dns_db_newversion(db, &ver); dns_diff_init(zone->mctx, &diff); + CHECK(dns_db_newversion(db, &ver)); + DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_REFRESHING); dns_rriterator_init(&rrit, db, ver, 0); @@ -7738,8 +7846,9 @@ zone_refreshkeys(dns_zone_t *zone) { zone->refreshkeycount++; kfetch = isc_mem_get(zone->mctx, sizeof(dns_keyfetch_t)); - kfetch->zone = NULL; - dns_zone_attach(zone, &kfetch->zone); + kfetch->zone = zone; + zone->irefs++; + INSIST(zone->irefs != 0); dns_fixedname_init(&kfetch->name); dns_name_dup(name, zone->mctx, dns_fixedname_name(&kfetch->name)); @@ -7763,17 +7872,20 @@ zone_refreshkeys(dns_zone_t *zone) { } if (!ISC_LIST_EMPTY(diff.tuples)) { CHECK(increment_soa_serial(db, ver, &diff, zone->mctx)); + CHECK(zone_journal(zone, &diff, "sync_keyzone")); commit = ISC_TRUE; - zone_journal(zone, &diff, "sync_keyzone"); DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_LOADED); zone_needdump(zone, 30); } + failure: UNLOCK_ZONE(zone); - dns_rriterator_destroy(&rrit); dns_diff_clear(&diff); - dns_db_closeversion(db, &ver, commit); + if (ver != NULL) { + dns_rriterator_destroy(&rrit); + dns_db_closeversion(db, &ver, commit); + } dns_db_detach(&db); } @@ -7988,7 +8100,7 @@ dns_zone_refresh(dns_zone_t *zone) { isc_interval_set(&i, isc_random_jitter(zone->retry, zone->retry / 4), 0); result = isc_time_nowplusinterval(&zone->refreshtime, &i); - if (result |= ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) dns_zone_log(zone, ISC_LOG_WARNING, "isc_time_nowplusinterval() failed: %s", dns_result_totext(result)); @@ -9342,7 +9454,7 @@ refresh_callback(isc_task_t *task, isc_event_t *event) { goto tcp_transfer; } dns_zone_log(zone, ISC_LOG_DEBUG(1), - "refresh: skipped tcp fallback" + "refresh: skipped tcp fallback " "as master %s (source %s) is " "unreachable (cached)", master, source); @@ -9523,6 +9635,7 @@ refresh_callback(isc_task_t *task, isc_event_t *event) { } else zone_debuglog(zone, me, 1, "serial: new %u, old not loaded", serial); + if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) || DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FORCEXFER) || isc_serial_gt(serial, oldserial)) { @@ -10066,7 +10179,13 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) { dns_db_settask(stub->db, zone->task); } - dns_db_newversion(stub->db, &stub->version); + result = dns_db_newversion(stub->db, &stub->version); + if (result != ISC_R_SUCCESS) { + dns_zone_log(zone, ISC_LOG_INFO, "refreshing stub: " + "dns_db_newversion() failed: %s", + dns_result_totext(result)); + goto cleanup; + } /* * Update SOA record. @@ -10074,8 +10193,7 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) { result = dns_db_findnode(stub->db, &zone->origin, ISC_TRUE, &node); if (result != ISC_R_SUCCESS) { - dns_zone_log(zone, ISC_LOG_INFO, - "refreshing stub: " + dns_zone_log(zone, ISC_LOG_INFO, "refreshing stub: " "dns_db_findnode() failed: %s", dns_result_totext(result)); goto cleanup; @@ -10097,6 +10215,7 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) { * XXX Optimisation: Create message when zone is setup and reuse. */ result = create_query(zone, dns_rdatatype_ns, &message); + INSIST(result == ISC_R_SUCCESS); INSIST(zone->masterscnt > 0); INSIST(zone->curmaster < zone->masterscnt); @@ -10170,6 +10289,7 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) { break; default: result = ISC_R_NOTIMPLEMENTED; + POST(result); goto cleanup; } timeout = 15; @@ -12360,16 +12480,10 @@ dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, zmgr->transfersin = 10; zmgr->transfersperns = 2; - /* Create the zone task pool. */ - result = isc_taskpool_create(taskmgr, mctx, - 8 /* XXX */, 2, &zmgr->zonetasks); - if (result != ISC_R_SUCCESS) - goto free_rwlock; - /* Create a single task for queueing of SOA queries. */ result = isc_task_create(taskmgr, 1, &zmgr->task); if (result != ISC_R_SUCCESS) - goto free_taskpool; + goto free_rwlock; isc_task_setname(zmgr->task, "zmgr", zmgr); result = isc_ratelimiter_create(mctx, timermgr, zmgr->task, &zmgr->rl); @@ -12403,8 +12517,6 @@ dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, isc_ratelimiter_detach(&zmgr->rl); free_task: isc_task_detach(&zmgr->task); - free_taskpool: - isc_taskpool_destroy(&zmgr->zonetasks); free_rwlock: isc_rwlock_destroy(&zmgr->rwlock); free_mem: @@ -12420,16 +12532,16 @@ dns_zonemgr_managezone(dns_zonemgr_t *zmgr, dns_zone_t *zone) { REQUIRE(DNS_ZONE_VALID(zone)); REQUIRE(DNS_ZONEMGR_VALID(zmgr)); + if (zmgr->zonetasks == NULL) + return (ISC_R_FAILURE); + RWLOCK(&zmgr->rwlock, isc_rwlocktype_write); LOCK_ZONE(zone); REQUIRE(zone->task == NULL); REQUIRE(zone->timer == NULL); REQUIRE(zone->zmgr == NULL); - isc_taskpool_gettask(zmgr->zonetasks, - dns_name_hash(dns_zone_getorigin(zone), - ISC_FALSE), - &zone->task); + isc_taskpool_gettask(zmgr->zonetasks, &zone->task); /* * Set the task name. The tag will arbitrarily point to one @@ -12522,6 +12634,7 @@ dns_zonemgr_detach(dns_zonemgr_t **zmgrp) { if (free_now) zonemgr_free(zmgr); + *zmgrp = NULL; } isc_result_t @@ -12573,6 +12686,35 @@ dns_zonemgr_shutdown(dns_zonemgr_t *zmgr) { isc_taskpool_destroy(&zmgr->zonetasks); } +isc_result_t +dns_zonemgr_setsize(dns_zonemgr_t *zmgr, int num_zones) { + isc_result_t result; + int ntasks = num_zones / 100; + isc_taskpool_t *pool = NULL; + + REQUIRE(DNS_ZONEMGR_VALID(zmgr)); + + /* + * For anything fewer than 1000 zones we use 10 tasks in + * the task pool. More than that, and we'll scale at one + * task per 100 zones. + */ + if (ntasks < 10) + ntasks = 10; + + /* Create or resize the zone task pool. */ + if (zmgr->zonetasks == NULL) + result = isc_taskpool_create(zmgr->taskmgr, zmgr->mctx, + ntasks, 2, &pool); + else + result = isc_taskpool_expand(&zmgr->zonetasks, ntasks, &pool); + + if (result == ISC_R_SUCCESS) + zmgr->zonetasks = pool; + + return (result); +} + static void zonemgr_free(dns_zonemgr_t *zmgr) { isc_mem_t *mctx; @@ -13586,7 +13728,8 @@ rr_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, */ static isc_result_t add_signing_records(dns_db_t *db, dns_rdatatype_t privatetype, - dns_dbversion_t *ver, dns_diff_t *diff) + dns_dbversion_t *ver, dns_diff_t *diff, + isc_boolean_t sign_all) { dns_difftuple_t *tuple, *newtuple = NULL; dns_rdata_dnskey_t dnskey; @@ -13625,13 +13768,16 @@ add_signing_records(dns_db_t *db, dns_rdatatype_t privatetype, rdata.type = privatetype; rdata.rdclass = tuple->rdata.rdclass; - CHECK(rr_exists(db, ver, name, &rdata, &flag)); - if (flag) - continue; - CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, - name, 0, &rdata, &newtuple)); - CHECK(do_one_tuple(&newtuple, db, ver, diff)); - INSIST(newtuple == NULL); + if (sign_all || tuple->op == DNS_DIFFOP_DEL) { + CHECK(rr_exists(db, ver, name, &rdata, &flag)); + if (flag) + continue; + CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, + name, 0, &rdata, &newtuple)); + CHECK(do_one_tuple(&newtuple, db, ver, diff)); + INSIST(newtuple == NULL); + } + /* * Remove any record which says this operation has already * completed. @@ -13692,7 +13838,7 @@ sign_apex(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, if (tuple == NULL) { result = del_sigs(zone, db, ver, &zone->origin, dns_rdatatype_dnskey, sig_diff, - zone_keys, nkeys, now); + zone_keys, nkeys, now, ISC_FALSE); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "sign_apex:del_sigs -> %s\n", @@ -13868,6 +14014,7 @@ zone_rekey(dns_zone_t *zone) { dns_dnsseckey_t *key; dns_diff_t diff, sig_diff; isc_boolean_t commit = ISC_FALSE, newactive = ISC_FALSE; + isc_boolean_t newalg = ISC_FALSE; isc_boolean_t fullsign; dns_ttl_t ttl = 3600; const char *dir; @@ -13890,6 +14037,7 @@ zone_rekey(dns_zone_t *zone) { mctx = zone->mctx; dns_diff_init(mctx, &diff); dns_diff_init(mctx, &sig_diff); + sig_diff.resign = zone->sigresigninginterval; CHECK(dns_zone_getdb(zone, &db)); CHECK(dns_db_newversion(db, &ver)); @@ -13944,12 +14092,34 @@ zone_rekey(dns_zone_t *zone) { goto trylater; } - /* See if any pre-existing keys have newly become active */ + /* See if any pre-existing keys have newly become active; + * also, see if any new key is for a new algorithm, as in that + * event, we need to sign the zone fully. (If there's a new + * key, but it's for an already-existing algorithm, then + * the zone signing can be handled incrementally.) + */ for (key = ISC_LIST_HEAD(dnskeys); key != NULL; key = ISC_LIST_NEXT(key, link)) { - if (key->first_sign) { - newactive = ISC_TRUE; + if (!key->first_sign) + continue; + + newactive = ISC_TRUE; + + if (!dns_rdataset_isassociated(&keysigs)) { + newalg = ISC_TRUE; + break; + } + + if (signed_with_alg(&keysigs, dst_key_alg(key->key))) { + /* + * This isn't a new algorithm; clear + * first_sign so we won't sign the + * whole zone with this key later + */ + key->first_sign = ISC_FALSE; + } else { + newalg = ISC_TRUE; break; } } @@ -13958,8 +14128,9 @@ zone_rekey(dns_zone_t *zone) { dnskey_sane(zone, db, ver, &diff)) { CHECK(dns_diff_apply(&diff, db, ver)); CHECK(clean_nsec3param(zone, db, ver, &diff)); - CHECK(add_signing_records(db, zone->privatetype, ver, - &diff)); + CHECK(add_signing_records(db, zone->privatetype, + ver, &diff, + ISC_TF(newalg || fullsign))); CHECK(increment_soa_serial(db, ver, &diff, mctx)); CHECK(add_chains(zone, db, ver, &diff)); CHECK(sign_apex(zone, db, ver, &diff, &sig_diff)); @@ -13973,8 +14144,6 @@ zone_rekey(dns_zone_t *zone) { if (commit) { isc_time_t timenow; dns_difftuple_t *tuple; - isc_boolean_t newkey = ISC_FALSE; - isc_boolean_t newalg = ISC_FALSE; LOCK_ZONE(zone); DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY); @@ -13984,43 +14153,6 @@ zone_rekey(dns_zone_t *zone) { TIME_NOW(&timenow); zone_settimer(zone, &timenow); - /* - * Has a new key become active? If so, is it for - * a new algorithm? - */ - for (tuple = ISC_LIST_HEAD(sig_diff.tuples); - tuple != NULL; - tuple = ISC_LIST_NEXT(tuple, link)) { - dns_rdata_dnskey_t dnskey; - - if (tuple->rdata.type != dns_rdatatype_dnskey) - continue; - - newkey = ISC_TRUE; - if (!dns_rdataset_isassociated(&keysigs)) { - newalg = ISC_TRUE; - break; - } - - result = dns_rdata_tostruct(&tuple->rdata, - &dnskey, NULL); - RUNTIME_CHECK(result == ISC_R_SUCCESS); - if (!signed_with_alg(&keysigs, - dnskey.algorithm)) { - newalg = ISC_TRUE; - break; - } - } - - /* - * If we found a new algorithm, we need to sign the - * zone fully. If there's a new key, but it's for an - * already-existing algorithm, then the zone signing - * can be handled incrementally. - */ - if (newkey && !newalg) - set_resigntime(zone); - /* Remove any signatures from removed keys. */ if (!ISC_LIST_EMPTY(rmkeys)) { for (key = ISC_LIST_HEAD(rmkeys); @@ -14038,7 +14170,6 @@ zone_rekey(dns_zone_t *zone) { } } - if (fullsign) { /* * "rndc sign" was called, so we now sign the zone @@ -14064,30 +14195,19 @@ zone_rekey(dns_zone_t *zone) { /* * We haven't been told to sign fully, but a new * algorithm was added to the DNSKEY. We sign - * the full zone, but only with the newly-added + * the full zone, but only with newly active * keys. */ - for (tuple = ISC_LIST_HEAD(sig_diff.tuples); - tuple != NULL; - tuple = ISC_LIST_NEXT(tuple, link)) { - dns_rdata_dnskey_t dnskey; - dns_secalg_t algorithm; - isc_region_t r; - isc_uint16_t keyid; - - if (tuple->rdata.type != dns_rdatatype_dnskey || - tuple->op == DNS_DIFFOP_DEL) + for (key = ISC_LIST_HEAD(dnskeys); + key != NULL; + key = ISC_LIST_NEXT(key, link)) { + if (!key->first_sign) continue; - result = dns_rdata_tostruct(&tuple->rdata, - &dnskey, NULL); - RUNTIME_CHECK(result == ISC_R_SUCCESS); - dns_rdata_toregion(&tuple->rdata, &r); - algorithm = dnskey.algorithm; - keyid = dst_region_computeid(&r, algorithm); - - result = zone_signwithkey(zone, algorithm, - keyid, ISC_FALSE); + result = zone_signwithkey(zone, + dst_key_alg(key->key), + dst_key_id(key->key), + ISC_FALSE); if (result != ISC_R_SUCCESS) { dns_zone_log(zone, ISC_LOG_ERROR, "zone_signwithkey failed: %s", @@ -14132,51 +14252,59 @@ zone_rekey(dns_zone_t *zone) { dns_result_totext(result)); } } + + /* + * Schedule the next resigning event + */ + set_resigntime(zone); UNLOCK_ZONE(zone); } + /* + * If we are doing automatic key maintenance and the key metadata + * indicates there is a key change event scheduled in the future, + * set the key refresh timer. + */ isc_stdtime_get(&now); TIME_NOW(&timenow); isc_time_settoepoch(&zone->refreshkeytime); - for (key = ISC_LIST_HEAD(dnskeys); - key != NULL; - key = ISC_LIST_NEXT(key, link)) { - isc_stdtime_t then; + + /* + * If we're doing key maintenance, set the key refresh timer to + * the next scheduled key event or to one hour in the future, + * whichever is sooner. + */ + if (DNS_ZONEKEY_OPTION(zone, DNS_ZONEKEY_MAINTAIN)) { isc_time_t timethen; + isc_stdtime_t then; - /* - * If we are doing automatic key maintenance and the - * key metadata indicates there is a key change event - * scheduled in the future, set the key refresh timer. - */ - if (!DNS_ZONEKEY_OPTION(zone, DNS_ZONEKEY_MAINTAIN)) - break; + LOCK_ZONE(zone); + DNS_ZONE_TIME_ADD(&timenow, HOUR, &timethen); + zone->refreshkeytime = timethen; + UNLOCK_ZONE(zone); - then = now; - result = next_keyevent(key->key, &then); - if (result != ISC_R_SUCCESS) - continue; + for (key = ISC_LIST_HEAD(dnskeys); + key != NULL; + key = ISC_LIST_NEXT(key, link)) { + then = now; + result = next_keyevent(key->key, &then); + if (result != ISC_R_SUCCESS) + continue; - DNS_ZONE_TIME_ADD(&timenow, then - now, &timethen); - LOCK_ZONE(zone); - if (isc_time_isepoch(&zone->refreshkeytime) || - isc_time_compare(&timethen, &zone->refreshkeytime) < 0) { - zone->refreshkeytime = timethen; - zone_settimer(zone, &timenow); + DNS_ZONE_TIME_ADD(&timenow, then - now, &timethen); + LOCK_ZONE(zone); + if (isc_time_compare(&timethen, + &zone->refreshkeytime) < 0) { + zone->refreshkeytime = timethen; + } + UNLOCK_ZONE(zone); } - UNLOCK_ZONE(zone); - } - /* - * If no key event is scheduled, we should still check the key - * repository for updates every so often. (Currently this is - * hard-coded to 12 hours, but it could be configurable.) - */ - if (isc_time_isepoch(&zone->refreshkeytime)) - DNS_ZONE_TIME_ADD(&timenow, (3600 * 12), &zone->refreshkeytime); + zone_settimer(zone, &timenow); - isc_time_formattimestamp(&zone->refreshkeytime, timebuf, 80); - dns_zone_log(zone, ISC_LOG_INFO, "next key event: %s", timebuf); + isc_time_formattimestamp(&zone->refreshkeytime, timebuf, 80); + dns_zone_log(zone, ISC_LOG_INFO, "next key event: %s", timebuf); + } failure: dns_diff_clear(&diff); diff --git a/lib/dns/zt.c b/lib/dns/zt.c index fd6af28..23b3e83 100644 --- a/lib/dns/zt.c +++ b/lib/dns/zt.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zt.c,v 1.47 2007-06-19 23:47:16 tbox Exp $ */ +/* $Id: zt.c,v 1.47.814.3 2011-03-19 23:47:24 tbox Exp $ */ /*! \file */ diff --git a/lib/export/dns/Makefile.in b/lib/export/dns/Makefile.in index 15b0d3f..1a2b4d5 100644 --- a/lib/export/dns/Makefile.in +++ b/lib/export/dns/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.8 2010-12-23 04:07:59 marka Exp $ +# $Id: Makefile.in,v 1.8.14.2 2011-05-16 23:47:16 tbox Exp $ top_srcdir = @top_srcdir@ srcdir = @top_srcdir@/lib/dns @@ -133,7 +133,7 @@ installdirs: install:: timestamp installdirs ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libdns.@A@ \ - ${DESTDIR}${export_libdir} + ${DESTDIR}${export_libdir}/ clean distclean:: rm -f libdns.@A@ timestamp diff --git a/lib/export/irs/Makefile.in b/lib/export/irs/Makefile.in index aad9400..8d6b24b 100644 --- a/lib/export/irs/Makefile.in +++ b/lib/export/irs/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.4 2009-12-05 23:31:40 each Exp $ +# $Id: Makefile.in,v 1.4.244.2 2011-05-16 23:47:16 tbox Exp $ top_srcdir = @top_srcdir@ srcdir = @top_srcdir@/lib/irs @@ -80,7 +80,7 @@ installdirs: install:: timestamp installdirs ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libirs.@A@ \ - ${DESTDIR}${export_libdir} + ${DESTDIR}${export_libdir}/ clean distclean:: rm -f libirs.@A@ libirs.la timestamp diff --git a/lib/export/isccfg/Makefile.in b/lib/export/isccfg/Makefile.in index ed2b2cf..cb22b37 100644 --- a/lib/export/isccfg/Makefile.in +++ b/lib/export/isccfg/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.4 2009-12-05 23:31:41 each Exp $ +# $Id: Makefile.in,v 1.4.244.2 2011-05-16 23:47:17 tbox Exp $ top_srcdir = @top_srcdir@ srcdir = @top_srcdir@/lib/isccfg @@ -77,7 +77,7 @@ installdirs: install:: timestamp installdirs ${LIBTOOL_MODE_INSTALL} ${INSTALL_DATA} libisccfg.@A@ \ - ${DESTDIR}${export_libdir} + ${DESTDIR}${export_libdir}/ clean distclean:: rm -f libisccfg.@A@ timestamp diff --git a/lib/export/samples/nsprobe.c b/lib/export/samples/nsprobe.c index 85c572d..4999b61 100644 --- a/lib/export/samples/nsprobe.c +++ b/lib/export/samples/nsprobe.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsprobe.c,v 1.7 2010-01-07 23:48:54 tbox Exp $ */ +/* $Id: nsprobe.c,v 1.7.180.3 2011-04-05 06:35:00 marka Exp $ */ #include <config.h> @@ -787,6 +787,7 @@ resolve_nsaddress(isc_task_t *task, isc_event_t *event) { fprintf(stderr, "resolve_nsaddress: " "mem_get failed"); result = ISC_R_NOMEMORY; + POST(result); goto cleanup; } isc_sockaddr_fromin(&server->address, @@ -923,6 +924,7 @@ resolve_ns(isc_task_t *task, isc_event_t *event) { fprintf(stderr, "resolve_ns: mem_get failed"); result = ISC_R_NOMEMORY; + POST(result); /* * XXX: should we continue with the * available servers anyway? @@ -1097,8 +1099,8 @@ main(int argc, char *argv[]) { if (res->ai_addrlen > sizeof(sa.type)) { fprintf(stderr, - "assumption failure: addrlen is too long: %d\n", - res->ai_addrlen); + "assumption failure: addrlen is too long: %ld\n", + (long)res->ai_addrlen); exit(1); } memcpy(&sa.type.sa, res->ai_addr, res->ai_addrlen); diff --git a/lib/irs/api b/lib/irs/api index 94575eb..78dd0b4 100644 --- a/lib/irs/api +++ b/lib/irs/api @@ -1,3 +1,3 @@ LIBINTERFACE = 80 -LIBREVISION = 0 +LIBREVISION = 1 LIBAGE = 0 diff --git a/lib/irs/getnameinfo.c b/lib/irs/getnameinfo.c index fadd8d8..00809d9 100644 --- a/lib/irs/getnameinfo.c +++ b/lib/irs/getnameinfo.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: getnameinfo.c,v 1.4 2009-09-02 23:48:02 tbox Exp $ */ +/* $Id: getnameinfo.c,v 1.4.346.2 2011-03-12 04:59:18 tbox Exp $ */ /*! \file */ @@ -149,12 +149,12 @@ getnameinfo(const struct sockaddr *sa, socklen_t salen, char *host, { struct afd *afd; struct servent *sp; - unsigned short port; + unsigned short port = 0; #ifdef IRS_PLATFORM_HAVESALEN size_t len; #endif int family, i; - const void *addr; + const void *addr = NULL; char *p; #if 0 unsigned long v4a; @@ -199,8 +199,6 @@ getnameinfo(const struct sockaddr *sa, socklen_t salen, char *host, break; default: - port = 0; - addr = NULL; INSIST(0); } proto = (flags & NI_DGRAM) ? "udp" : "tcp"; diff --git a/lib/irs/resconf.c b/lib/irs/resconf.c index af1413b..28077bb7 100644 --- a/lib/irs/resconf.c +++ b/lib/irs/resconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resconf.c,v 1.3 2009-09-02 23:48:02 tbox Exp $ */ +/* $Id: resconf.c,v 1.3.346.2 2011-03-12 04:59:18 tbox Exp $ */ /*! \file resconf.c */ @@ -517,6 +517,7 @@ irs_resconf_load(isc_mem_t *mctx, const char *filename, irs_resconf_t **confp) stopchar = getword(fp, word, sizeof(word)); if (stopchar == EOF) { rval = ISC_R_SUCCESS; + POST(rval); break; } diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in index d92c0b8..fa25690 100644 --- a/lib/isc/Makefile.in +++ b/lib/isc/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2003 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.109 2010-06-09 01:43:09 marka Exp $ +# $Id: Makefile.in,v 1.109.108.2 2011-07-08 23:47:16 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -88,6 +88,7 @@ LIBS = @LIBS@ .NO_PARALLEL: SUBDIRS = include unix nls @ISC_THREAD_DIR@ @ISC_ARCH_DIR@ TARGETS = timestamp +TESTDIRS = @UNITTESTS@ @BIND9_MAKE_RULES@ diff --git a/lib/isc/api b/lib/isc/api index b91b130..ec820d9 100644 --- a/lib/isc/api +++ b/lib/isc/api @@ -1,3 +1,3 @@ -LIBINTERFACE = 81 -LIBREVISION = 2 +LIBINTERFACE = 83 +LIBREVISION = 1 LIBAGE = 0 diff --git a/lib/isc/heap.c b/lib/isc/heap.c index 4dead3f..eeef7f7 100644 --- a/lib/isc/heap.c +++ b/lib/isc/heap.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1997-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: heap.c,v 1.39 2010-02-04 23:49:13 tbox Exp $ */ +/* $Id: heap.c,v 1.39.150.2 2011-03-03 23:47:09 tbox Exp $ */ /*! \file * Heap implementation of priority queues adapted from the following: @@ -86,8 +86,9 @@ isc_heap_create(isc_mem_t *mctx, isc_heapcompare_t compare, if (heap == NULL) return (ISC_R_NOMEMORY); heap->magic = HEAP_MAGIC; - heap->mctx = mctx; heap->size = 0; + heap->mctx = NULL; + isc_mem_attach(mctx, &heap->mctx); if (size_increment == 0) heap->size_increment = SIZE_INCREMENT; else @@ -114,7 +115,7 @@ isc_heap_destroy(isc_heap_t **heapp) { isc_mem_put(heap->mctx, heap->array, heap->size * sizeof(void *)); heap->magic = 0; - isc_mem_put(heap->mctx, heap, sizeof(*heap)); + isc_mem_putanddetach(&heap->mctx, heap, sizeof(*heap)); *heapp = NULL; } diff --git a/lib/isc/httpd.c b/lib/isc/httpd.c index 81f118e..4402647 100644 --- a/lib/isc/httpd.c +++ b/lib/isc/httpd.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2008, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2006-2008, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: httpd.c,v 1.20 2010-11-16 05:38:31 marka Exp $ */ +/* $Id: httpd.c,v 1.20.40.3 2011-03-11 06:47:07 marka Exp $ */ /*! \file */ @@ -315,7 +315,7 @@ isc_httpdmgr_create(isc_mem_t *mctx, isc_socket_t *sock, isc_task_t *task, isc_task_detach(&httpd->task); isc_socket_detach(&httpd->sock); isc_mem_detach(&httpd->mctx); - isc_mutex_destroy(&httpd->lock); + (void)isc_mutex_destroy(&httpd->lock); isc_mem_put(mctx, httpd, sizeof(isc_httpdmgr_t)); return (result); } @@ -364,7 +364,7 @@ httpdmgr_destroy(isc_httpdmgr_t *httpdmgr) } UNLOCK(&httpdmgr->lock); - isc_mutex_destroy(&httpdmgr->lock); + (void)isc_mutex_destroy(&httpdmgr->lock); if (httpdmgr->ondestroy != NULL) (httpdmgr->ondestroy)(httpdmgr->cb_arg); @@ -586,6 +586,8 @@ isc_httpd_accept(isc_task_t *task, isc_event_t *ev) r.length = HTTP_RECVLEN - 1; result = isc_socket_recv(httpd->sock, &r, 1, task, isc_httpd_recvdone, httpd); + /* FIXME!!! */ + POST(result); NOTICE("accept queued recv on socket"); requeue: @@ -683,8 +685,9 @@ isc_httpd_recvdone(isc_task_t *task, isc_event_t *ev) } r.base = (unsigned char *)httpd->recvbuf + httpd->recvlen; r.length = HTTP_RECVLEN - httpd->recvlen - 1; - result = isc_socket_recv(httpd->sock, &r, 1, task, - isc_httpd_recvdone, httpd); + /* check return code? */ + (void)isc_socket_recv(httpd->sock, &r, 1, task, + isc_httpd_recvdone, httpd); goto out; } else if (result != ISC_R_SUCCESS) { destroy_client(&httpd); @@ -722,14 +725,14 @@ isc_httpd_recvdone(isc_task_t *task, isc_event_t *ev) &httpd->mimetype, &httpd->bodybuffer, &httpd->freecb, &httpd->freecb_arg); if (result != ISC_R_SUCCESS) { - result = httpd->mgr->render_500(httpd->url, httpd->querystring, - NULL, - &httpd->retcode, - &httpd->retmsg, - &httpd->mimetype, - &httpd->bodybuffer, - &httpd->freecb, - &httpd->freecb_arg); + result = httpd->mgr->render_500(httpd->url, httpd->querystring, + NULL, &httpd->retcode, + &httpd->retmsg, + &httpd->mimetype, + &httpd->bodybuffer, + &httpd->freecb, + &httpd->freecb_arg); + RUNTIME_CHECK(result == ISC_R_SUCCESS); } isc_httpd_response(httpd); @@ -753,8 +756,9 @@ isc_httpd_recvdone(isc_task_t *task, isc_event_t *ev) if (isc_buffer_length(&httpd->bodybuffer) > 0) ISC_LIST_APPEND(httpd->bufflist, &httpd->bodybuffer, link); - result = isc_socket_sendv(httpd->sock, &httpd->bufflist, task, - isc_httpd_senddone, httpd); + /* check return code? */ + (void)isc_socket_sendv(httpd->sock, &httpd->bufflist, task, + isc_httpd_senddone, httpd); out: isc_event_free(&ev); @@ -821,7 +825,7 @@ isc_httpd_response(isc_httpd_t *httpd) needlen += 3 + 1; /* room for response code, always 3 bytes */ needlen += strlen(httpd->retmsg) + 2; /* return msg + CRLF */ - if (isc_buffer_availablelength(&httpd->headerbuffer) < needlen) { + while (isc_buffer_availablelength(&httpd->headerbuffer) < needlen) { result = grow_headerspace(httpd); if (result != ISC_R_SUCCESS) return (result); @@ -846,7 +850,7 @@ isc_httpd_addheader(isc_httpd_t *httpd, const char *name, needlen += 2 + strlen(val); /* :<space> and val */ needlen += 2; /* CRLF */ - if (isc_buffer_availablelength(&httpd->headerbuffer) < needlen) { + while (isc_buffer_availablelength(&httpd->headerbuffer) < needlen) { result = grow_headerspace(httpd); if (result != ISC_R_SUCCESS) return (result); @@ -869,7 +873,7 @@ isc_httpd_endheaders(isc_httpd_t *httpd) { isc_result_t result; - if (isc_buffer_availablelength(&httpd->headerbuffer) < 2) { + while (isc_buffer_availablelength(&httpd->headerbuffer) < 2) { result = grow_headerspace(httpd); if (result != ISC_R_SUCCESS) return (result); @@ -893,7 +897,7 @@ isc_httpd_addheaderuint(isc_httpd_t *httpd, const char *name, int val) { needlen += 2 + strlen(buf); /* :<space> and val */ needlen += 2; /* CRLF */ - if (isc_buffer_availablelength(&httpd->headerbuffer) < needlen) { + while (isc_buffer_availablelength(&httpd->headerbuffer) < needlen) { result = grow_headerspace(httpd); if (result != ISC_R_SUCCESS) return (result); @@ -912,7 +916,6 @@ isc_httpd_senddone(isc_task_t *task, isc_event_t *ev) { isc_httpd_t *httpd = ev->ev_arg; isc_region_t r; - isc_result_t result; isc_socketevent_t *sev = (isc_socketevent_t *)ev; ENTER("senddone"); @@ -963,8 +966,9 @@ isc_httpd_senddone(isc_task_t *task, isc_event_t *ev) r.base = (unsigned char *)httpd->recvbuf; r.length = HTTP_RECVLEN - 1; - result = isc_socket_recv(httpd->sock, &r, 1, task, isc_httpd_recvdone, - httpd); + /* check return code? */ + (void)isc_socket_recv(httpd->sock, &r, 1, task, + isc_httpd_recvdone, httpd); out: isc_event_free(&ev); diff --git a/lib/isc/include/isc/file.h b/lib/isc/include/isc/file.h index be40825..9087990 100644 --- a/lib/isc/include/isc/file.h +++ b/lib/isc/include/isc/file.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: file.h,v 1.39 2011-01-11 23:47:14 tbox Exp $ */ +/* $Id: file.h,v 1.39.10.2 2011-03-04 23:47:28 tbox Exp $ */ #ifndef ISC_FILE_H #define ISC_FILE_H 1 @@ -185,6 +185,27 @@ isc_file_isabsolute(const char *filename); * \brief Return #ISC_TRUE if the given file name is absolute. */ +isc_result_t +isc_file_isplainfile(const char *name); +/*!< + * \brief Check that the file is a plain file + * + * Returns: + *\li #ISC_R_SUCCESS + * Success. The file is a plain file. + *\li #ISC_R_INVALIDFILE + * The path specified was not usable by the operating system. + *\li #ISC_R_FILENOTFOUND + * The file does not exist. This return code comes from + * errno=ENOENT when stat returns -1. This code is mentioned + * here, because in logconf.c, it is the one rcode that is + * permitted in addition to ISC_R_SUCCESS. This is done since + * the next call in logconf.c is to isc_stdio_open(), which + * will create the file if it can. + *\li #other ISC_R_* errors translated from errno + * These occur when stat returns -1 and an errno. + */ + isc_boolean_t isc_file_iscurrentdir(const char *filename); /*!< diff --git a/lib/isc/include/isc/task.h b/lib/isc/include/isc/task.h index a2a1bbe..b3cdbb6 100644 --- a/lib/isc/include/isc/task.h +++ b/lib/isc/include/isc/task.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: task.h,v 1.69.14.1.2.1 2011-06-02 23:47:36 tbox Exp $ */ +/* $Id: task.h,v 1.69.14.2 2011-02-28 01:20:04 tbox Exp $ */ #ifndef ISC_TASK_H #define ISC_TASK_H 1 diff --git a/lib/isc/include/isc/taskpool.h b/lib/isc/include/isc/taskpool.h index 07aba70..5825afb 100644 --- a/lib/isc/include/isc/taskpool.h +++ b/lib/isc/include/isc/taskpool.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: taskpool.h,v 1.15 2007-06-19 23:47:18 tbox Exp $ */ +/* $Id: taskpool.h,v 1.15.814.2 2011-07-08 23:47:16 tbox Exp $ */ #ifndef ISC_TASKPOOL_H #define ISC_TASKPOOL_H 1 @@ -83,11 +83,50 @@ isc_taskpool_create(isc_taskmgr_t *tmgr, isc_mem_t *mctx, *\li #ISC_R_UNEXPECTED */ -void -isc_taskpool_gettask(isc_taskpool_t *pool, unsigned int hash, - isc_task_t **targetp); +void +isc_taskpool_gettask(isc_taskpool_t *pool, isc_task_t **targetp); +/*%< + * Attach to a task from the pool. Currently the next task is chosen + * from the pool at random. (This may be changed in the future to + * something that guaratees balance.) + */ + +int +isc_taskpool_size(isc_taskpool_t *pool); +/*%< + * Returns the number of tasks in the task pool 'pool'. + */ + +isc_result_t +isc_taskpool_expand(isc_taskpool_t **sourcep, unsigned int size, + isc_taskpool_t **targetp); + /*%< - * Attach to the task corresponding to the hash value "hash". + * If 'size' is larger than the number of tasks in the pool pointed to by + * 'sourcep', then a new taskpool of size 'size' is allocated, the existing + * tasks from are moved into it, additional tasks are created to bring the + * total number up to 'size', and the resulting pool is attached to + * 'targetp'. + * + * If 'size' is less than or equal to the tasks in pool 'source', then + * 'sourcep' is attached to 'targetp' without any other action being taken. + * + * In either case, 'sourcep' is detached. + * + * Requires: + * + * \li 'sourcep' is not NULL and '*source' is not NULL + * \li 'targetp' is not NULL and '*source' is NULL + * + * Ensures: + * + * \li On success, '*targetp' points to a valid task pool. + * \li On success, '*sourcep' points to NULL. + * + * Returns: + * + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOMEMORY */ void diff --git a/lib/isc/include/isc/util.h b/lib/isc/include/isc/util.h index 11d0044..6e7da3a 100644 --- a/lib/isc/include/isc/util.h +++ b/lib/isc/include/isc/util.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: util.h,v 1.32 2010-01-11 23:48:37 tbox Exp $ */ +/* $Id: util.h,v 1.32.170.2 2011-03-12 04:59:19 tbox Exp $ */ #ifndef ISC_UTIL_H #define ISC_UTIL_H 1 @@ -48,6 +48,11 @@ */ #define UNUSED(x) (void)(x) +/*% + * The opposite: silent warnings about stored values which are never read. + */ +#define POST(x) (void)(x) + #define ISC_MAX(a, b) ((a) > (b) ? (a) : (b)) #define ISC_MIN(a, b) ((a) < (b) ? (a) : (b)) diff --git a/lib/isc/log.c b/lib/isc/log.c index 7ef6692..ee71deb 100644 --- a/lib/isc/log.c +++ b/lib/isc/log.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: log.c,v 1.99 2009-02-16 02:01:16 marka Exp $ */ +/* $Id: log.c,v 1.99.404.2 2011-03-12 04:59:18 tbox Exp $ */ /*! \file * \author Principal Authors: DCL */ @@ -1342,9 +1342,10 @@ isc_log_open(isc_logchannel_t *channel) { (FILE_MAXSIZE(channel) > 0 && statbuf.st_size >= FILE_MAXSIZE(channel))) roll = regular_file; - } else if (errno == ENOENT) + } else if (errno == ENOENT) { regular_file = ISC_TRUE; - else + POST(regular_file); + } else result = ISC_R_INVALIDFILE; /* diff --git a/lib/isc/netaddr.c b/lib/isc/netaddr.c index 33dddb8..690141b 100644 --- a/lib/isc/netaddr.c +++ b/lib/isc/netaddr.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: netaddr.c,v 1.41 2010-11-17 23:47:08 tbox Exp $ */ +/* $Id: netaddr.c,v 1.41.38.3 2011-03-11 06:47:07 marka Exp $ */ /*! \file */ @@ -69,10 +69,10 @@ isc_boolean_t isc_netaddr_eqprefix(const isc_netaddr_t *a, const isc_netaddr_t *b, unsigned int prefixlen) { - const unsigned char *pa, *pb; - unsigned int ipabytes; /* Length of whole IP address in bytes */ - unsigned int nbytes; /* Number of significant whole bytes */ - unsigned int nbits; /* Number of significant leftover bits */ + const unsigned char *pa = NULL, *pb = NULL; + unsigned int ipabytes = 0; /* Length of whole IP address in bytes */ + unsigned int nbytes; /* Number of significant whole bytes */ + unsigned int nbits; /* Number of significant leftover bits */ REQUIRE(a != NULL && b != NULL); @@ -94,8 +94,6 @@ isc_netaddr_eqprefix(const isc_netaddr_t *a, const isc_netaddr_t *b, ipabytes = 16; break; default: - pa = pb = NULL; /* Avoid silly compiler warning. */ - ipabytes = 0; /* Ditto. */ return (ISC_FALSE); } @@ -188,6 +186,9 @@ isc_netaddr_format(const isc_netaddr_t *na, char *array, unsigned int size) { isc_buffer_init(&buf, array, size); result = isc_netaddr_totext(na, &buf); + if (size == 0) + return; + /* * Null terminate. */ @@ -212,7 +213,7 @@ isc_netaddr_format(const isc_netaddr_t *na, char *array, unsigned int size) { isc_result_t isc_netaddr_prefixok(const isc_netaddr_t *na, unsigned int prefixlen) { static const unsigned char zeros[16]; - unsigned int nbits, nbytes, ipbytes; + unsigned int nbits, nbytes, ipbytes = 0; const unsigned char *p; switch (na->family) { @@ -229,7 +230,6 @@ isc_netaddr_prefixok(const isc_netaddr_t *na, unsigned int prefixlen) { return (ISC_R_RANGE); break; default: - ipbytes = 0; return (ISC_R_NOTIMPLEMENTED); } nbytes = prefixlen / 8; @@ -246,7 +246,7 @@ isc_netaddr_prefixok(const isc_netaddr_t *na, unsigned int prefixlen) { isc_result_t isc_netaddr_masktoprefixlen(const isc_netaddr_t *s, unsigned int *lenp) { - unsigned int nbits, nbytes, ipbytes, i; + unsigned int nbits = 0, nbytes = 0, ipbytes = 0, i; const unsigned char *p; switch (s->family) { @@ -259,10 +259,8 @@ isc_netaddr_masktoprefixlen(const isc_netaddr_t *s, unsigned int *lenp) { ipbytes = 16; break; default: - ipbytes = 0; return (ISC_R_NOTIMPLEMENTED); } - nbytes = nbits = 0; for (i = 0; i < ipbytes; i++) { if (p[i] != 0xFF) break; diff --git a/lib/isc/powerpc/include/isc/atomic.h b/lib/isc/powerpc/include/isc/atomic.h index 2e11e39..4404bed 100644 --- a/lib/isc/powerpc/include/isc/atomic.h +++ b/lib/isc/powerpc/include/isc/atomic.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2005, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: atomic.h,v 1.8 2009-10-14 23:47:51 tbox Exp $ */ +/* $Id: atomic.h,v 1.8.284.3 2011-03-08 00:52:21 marka Exp $ */ #ifndef ISC_ATOMIC_H #define ISC_ATOMIC_H 1 @@ -110,14 +110,16 @@ isc_atomic_xadd(isc_int32_t *p, isc_int32_t val) { "mr %0, r6\n" "add r6, r6, %2\n" "stwcx. r6, 0, %1\n" - "bne- 1b" + "bne- 1b\n" + "sync" #else "1:" "lwarx 6, 0, %1\n" "mr %0, 6\n" "add 6, 6, %2\n" "stwcx. 6, 0, %1\n" - "bne- 1b" + "bne- 1b\n" + "sync" #endif : "=&r"(orig) : "r"(p), "r"(val) @@ -135,13 +137,15 @@ isc_atomic_store(void *p, isc_int32_t val) { "lwarx r6, 0, %0\n" "lwz r6, %1\n" "stwcx. r6, 0, %0\n" - "bne- 1b" + "bne- 1b\n" + "sync" #else "1:" "lwarx 6, 0, %0\n" "lwz 6, %1\n" "stwcx. 6, 0, %0\n" - "bne- 1b" + "bne- 1b\n" + "sync" #endif : : "r"(p), "m"(val) @@ -163,7 +167,8 @@ isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) { "mr r6, %3\n" "stwcx. r6, 0, %1\n" "bne- 1b\n" - "2:" + "2:\n" + "sync" #else "1:" "lwarx 6, 0, %1\n" @@ -173,7 +178,8 @@ isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) { "mr 6, %3\n" "stwcx. 6, 0, %1\n" "bne- 1b\n" - "2:" + "2:\n" + "sync" #endif : "=&r" (orig) : "r"(p), "r"(cmpval), "r"(val) diff --git a/lib/isc/radix.c b/lib/isc/radix.c index be2e841..641620c 100644 --- a/lib/isc/radix.c +++ b/lib/isc/radix.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: radix.c,v 1.23 2009-01-18 23:48:14 tbox Exp $ */ +/* $Id: radix.c,v 1.23.426.2 2011-03-12 04:59:18 tbox Exp $ */ /* * This source was adapted from MRT's RCS Ids: @@ -275,7 +275,7 @@ isc_radix_search(isc_radix_tree_t *radix, isc_radix_node_t **target, if (node && node->prefix) stack[cnt++] = node; - while (--cnt >= 0) { + while (cnt-- > 0) { node = stack[cnt]; if (_comp_with_mask(isc_prefix_tochar(node->prefix), diff --git a/lib/isc/rwlock.c b/lib/isc/rwlock.c index fce7516..5b37f9c 100644 --- a/lib/isc/rwlock.c +++ b/lib/isc/rwlock.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rwlock.c,v 1.46 2009-01-18 23:48:14 tbox Exp $ */ +/* $Id: rwlock.c,v 1.46.426.2 2011-03-12 04:59:18 tbox Exp $ */ /*! \file */ @@ -261,6 +261,7 @@ isc_rwlock_lock(isc_rwlock_t *rwl, isc_rwlocktype_t type) { } cntflag = isc_atomic_xadd(&rwl->cnt_and_flag, READER_INCR); + POST(cntflag); while (1) { if ((rwl->cnt_and_flag & WRITER_ACTIVE) == 0) break; diff --git a/lib/isc/sha1.c b/lib/isc/sha1.c index d72eb9c..72e6b0a 100644 --- a/lib/isc/sha1.c +++ b/lib/isc/sha1.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sha1.c,v 1.20 2009-02-06 23:47:42 tbox Exp $ */ +/* $Id: sha1.c,v 1.20.408.2 2011-03-12 04:59:18 tbox Exp $ */ /* $NetBSD: sha1.c,v 1.5 2000/01/22 22:19:14 mycroft Exp $ */ /* $OpenBSD: sha1.c,v 1.9 1997/07/23 21:12:32 kstailey Exp $ */ @@ -256,6 +256,8 @@ transform(isc_uint32_t state[5], const unsigned char buffer[64]) { /* Wipe variables */ a = b = c = d = e = 0; + /* Avoid compiler warnings */ + POST(a); POST(b); POST(c); POST(d); POST(e); } diff --git a/lib/isc/sha2.c b/lib/isc/sha2.c index 1dc05a70..a5d8afc 100644 --- a/lib/isc/sha2.c +++ b/lib/isc/sha2.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2005-2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sha2.c,v 1.18 2009-10-22 02:21:31 each Exp $ */ +/* $Id: sha2.c,v 1.18.280.2 2011-03-12 04:59:18 tbox Exp $ */ /* $FreeBSD$ */ /* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */ @@ -692,6 +692,9 @@ void isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) { /* Clean up */ a = b = c = d = e = f = g = h = T1 = 0; + /* Avoid compiler warnings */ + POST(a); POST(b); POST(c); POST(d); POST(e); POST(f); + POST(g); POST(h); POST(T1); } #else /* ISC_SHA2_UNROLL_TRANSFORM */ @@ -773,6 +776,9 @@ isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) { /* Clean up */ a = b = c = d = e = f = g = h = T1 = T2 = 0; + /* Avoid compiler warnings */ + POST(a); POST(b); POST(c); POST(d); POST(e); POST(f); + POST(g); POST(h); POST(T1); POST(T2); } #endif /* ISC_SHA2_UNROLL_TRANSFORM */ @@ -809,6 +815,8 @@ isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) { context->bitcount += len << 3; /* Clean up: */ usedspace = freespace = 0; + /* Avoid compiler warnings: */ + POST(usedspace); POST(freespace); return; } } @@ -827,6 +835,8 @@ isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) { } /* Clean up: */ usedspace = freespace = 0; + /* Avoid compiler warnings: */ + POST(usedspace); POST(freespace); } void @@ -897,6 +907,7 @@ isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) { /* Clean up state data: */ memset(context, 0, sizeof(context)); usedspace = 0; + POST(usedspace); } /*** SHA-512: *********************************************************/ @@ -1003,6 +1014,9 @@ void isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) { /* Clean up */ a = b = c = d = e = f = g = h = T1 = 0; + /* Avoid compiler warnings */ + POST(a); POST(b); POST(c); POST(d); POST(e); POST(f); + POST(g); POST(h); POST(T1); } #else /* ISC_SHA2_UNROLL_TRANSFORM */ @@ -1082,6 +1096,9 @@ isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) { /* Clean up */ a = b = c = d = e = f = g = h = T1 = T2 = 0; + /* Avoid compiler warnings */ + POST(a); POST(b); POST(c); POST(d); POST(e); POST(f); + POST(g); POST(h); POST(T1); POST(T2); } #endif /* ISC_SHA2_UNROLL_TRANSFORM */ @@ -1117,6 +1134,8 @@ void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t le ADDINC128(context->bitcount, len << 3); /* Clean up: */ usedspace = freespace = 0; + /* Avoid compiler warnings: */ + POST(usedspace); POST(freespace); return; } } @@ -1135,6 +1154,8 @@ void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t le } /* Clean up: */ usedspace = freespace = 0; + /* Avoid compiler warnings: */ + POST(usedspace); POST(freespace); } void isc_sha512_last(isc_sha512_t *context) { diff --git a/lib/isc/sockaddr.c b/lib/isc/sockaddr.c index 9661ee4..fe27066 100644 --- a/lib/isc/sockaddr.c +++ b/lib/isc/sockaddr.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sockaddr.c,v 1.73 2010-11-17 23:47:09 tbox Exp $ */ +/* $Id: sockaddr.c,v 1.73.38.2 2011-02-28 01:20:03 tbox Exp $ */ /*! \file */ @@ -182,6 +182,9 @@ isc_sockaddr_format(const isc_sockaddr_t *sa, char *array, unsigned int size) { isc_result_t result; isc_buffer_t buf; + if (size == 0U) + return; + isc_buffer_init(&buf, array, size); result = isc_sockaddr_totext(sa, &buf); if (result != ISC_R_SUCCESS) { diff --git a/lib/isc/string.c b/lib/isc/string.c index 3bcea3a..0cad5c7 100644 --- a/lib/isc/string.c +++ b/lib/isc/string.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: string.c,v 1.20 2007-06-19 23:47:17 tbox Exp $ */ +/* $Id: string.c,v 1.20.814.2 2011-03-12 04:59:18 tbox Exp $ */ /*! \file */ @@ -165,14 +165,15 @@ isc_string_printf(char *target, size_t size, const char *format, ...) { } void -isc_string_printf_truncate(char *target, size_t size, const char *format, ...) { +isc_string_printf_truncate(char *target, size_t size, const char *format, ...) +{ va_list args; - size_t n; REQUIRE(size > 0U); va_start(args, format); - n = vsnprintf(target, size, format, args); + /* check return code? */ + (void)vsnprintf(target, size, format, args); va_end(args); ENSURE(strlen(target) < size); diff --git a/lib/isc/task.c b/lib/isc/task.c index a9dfd1f..913e707 100644 --- a/lib/isc/task.c +++ b/lib/isc/task.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: task.c,v 1.115.14.1.2.1 2011-06-02 23:47:36 tbox Exp $ */ +/* $Id: task.c,v 1.115.14.2 2011-02-28 01:20:03 tbox Exp $ */ /*! \file * \author Principal Author: Bob Halley diff --git a/lib/isc/taskpool.c b/lib/isc/taskpool.c index 8efbf28..afd132b 100644 --- a/lib/isc/taskpool.c +++ b/lib/isc/taskpool.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,13 +15,14 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: taskpool.c,v 1.18 2007-06-18 23:47:44 tbox Exp $ */ +/* $Id: taskpool.c,v 1.18.814.2 2011-07-08 23:47:16 tbox Exp $ */ /*! \file */ #include <config.h> #include <isc/mem.h> +#include <isc/random.h> #include <isc/taskpool.h> #include <isc/util.h> @@ -31,28 +32,30 @@ struct isc_taskpool { isc_mem_t * mctx; + isc_taskmgr_t * tmgr; unsigned int ntasks; + unsigned int quantum; isc_task_t ** tasks; }; + /*** *** Functions. ***/ -isc_result_t -isc_taskpool_create(isc_taskmgr_t *tmgr, isc_mem_t *mctx, - unsigned int ntasks, unsigned int quantum, - isc_taskpool_t **poolp) +static isc_result_t +alloc_pool(isc_taskmgr_t *tmgr, isc_mem_t *mctx, unsigned int ntasks, + unsigned int quantum, isc_taskpool_t **poolp) { - unsigned int i; isc_taskpool_t *pool; - isc_result_t result; + unsigned int i; - INSIST(ntasks > 0); pool = isc_mem_get(mctx, sizeof(*pool)); if (pool == NULL) return (ISC_R_NOMEMORY); pool->mctx = mctx; pool->ntasks = ntasks; + pool->quantum = quantum; + pool->tmgr = tmgr; pool->tasks = isc_mem_get(mctx, ntasks * sizeof(isc_task_t *)); if (pool->tasks == NULL) { isc_mem_put(mctx, pool, sizeof(*pool)); @@ -60,6 +63,28 @@ isc_taskpool_create(isc_taskmgr_t *tmgr, isc_mem_t *mctx, } for (i = 0; i < ntasks; i++) pool->tasks[i] = NULL; + + *poolp = pool; + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_taskpool_create(isc_taskmgr_t *tmgr, isc_mem_t *mctx, + unsigned int ntasks, unsigned int quantum, + isc_taskpool_t **poolp) +{ + unsigned int i; + isc_taskpool_t *pool = NULL; + isc_result_t result; + + INSIST(ntasks > 0); + + /* Allocate the pool structure */ + result = alloc_pool(tmgr, mctx, ntasks, quantum, &pool); + if (result != ISC_R_SUCCESS) + return (result); + + /* Create the tasks */ for (i = 0; i < ntasks; i++) { result = isc_task_create(tmgr, quantum, &pool->tasks[i]); if (result != ISC_R_SUCCESS) { @@ -68,14 +93,69 @@ isc_taskpool_create(isc_taskmgr_t *tmgr, isc_mem_t *mctx, } isc_task_setname(pool->tasks[i], "taskpool", NULL); } + *poolp = pool; return (ISC_R_SUCCESS); } -void isc_taskpool_gettask(isc_taskpool_t *pool, unsigned int hash, - isc_task_t **targetp) +void +isc_taskpool_gettask(isc_taskpool_t *pool, isc_task_t **targetp) { + isc_uint32_t i; + isc_random_get(&i); + isc_task_attach(pool->tasks[i % pool->ntasks], targetp); +} + +int +isc_taskpool_size(isc_taskpool_t *pool) { + REQUIRE(pool != NULL); + return (pool->ntasks); +} + +isc_result_t +isc_taskpool_expand(isc_taskpool_t **sourcep, unsigned int size, + isc_taskpool_t **targetp) { - isc_task_attach(pool->tasks[hash % pool->ntasks], targetp); + isc_result_t result; + isc_taskpool_t *pool; + + REQUIRE(sourcep != NULL && *sourcep != NULL); + REQUIRE(targetp != NULL && *targetp == NULL); + + pool = *sourcep; + if (size > pool->ntasks) { + isc_taskpool_t *newpool = NULL; + unsigned int i; + + /* Allocate a new pool structure */ + result = alloc_pool(pool->tmgr, pool->mctx, size, + pool->quantum, &newpool); + if (result != ISC_R_SUCCESS) + return (result); + + /* Copy over the tasks from the old pool */ + for (i = 0; i < pool->ntasks; i++) { + newpool->tasks[i] = pool->tasks[i]; + pool->tasks[i] = NULL; + } + + /* Create new tasks */ + for (i = pool->ntasks; i < size; i++) { + result = isc_task_create(pool->tmgr, pool->quantum, + &newpool->tasks[i]); + if (result != ISC_R_SUCCESS) { + isc_taskpool_destroy(&newpool); + return (result); + } + isc_task_setname(newpool->tasks[i], "taskpool", NULL); + } + + isc_taskpool_destroy(&pool); + pool = newpool; + } + + *sourcep = NULL; + *targetp = pool; + return (ISC_R_SUCCESS); } void diff --git a/lib/isc/timer.c b/lib/isc/timer.c index ab89cdd..71473fb 100644 --- a/lib/isc/timer.c +++ b/lib/isc/timer.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: timer.c,v 1.95.302.1.2.1 2011-06-02 23:47:36 tbox Exp $ */ +/* $Id: timer.c,v 1.95.302.3 2011-03-11 06:47:08 marka Exp $ */ /*! \file */ @@ -333,7 +333,9 @@ schedule(isc__timer_t *timer, isc_time_t *now, isc_boolean_t signal_ok) { static inline void deschedule(isc__timer_t *timer) { +#ifdef USE_TIMER_THREAD isc_boolean_t need_wakeup = ISC_FALSE; +#endif isc__timermgr_t *manager; /* @@ -342,8 +344,10 @@ deschedule(isc__timer_t *timer) { manager = timer->manager; if (timer->index > 0) { +#ifdef USE_TIMER_THREAD if (timer->index == 1) need_wakeup = ISC_TRUE; +#endif isc_heap_delete(manager->heap, timer->index); timer->index = 0; INSIST(manager->nscheduled > 0); @@ -527,6 +531,7 @@ isc__timer_reset(isc_timer_t *timer0, isc_timertype_t type, REQUIRE(VALID_TIMER(timer)); manager = timer->manager; REQUIRE(VALID_MANAGER(manager)); + if (expires == NULL) expires = isc_time_epoch; if (interval == NULL) @@ -550,8 +555,6 @@ isc__timer_reset(isc_timer_t *timer0, isc_timertype_t type, isc_time_settoepoch(&now); } - manager = timer->manager; - LOCK(&manager->lock); LOCK(&timer->lock); diff --git a/lib/isc/unix/dir.c b/lib/isc/unix/dir.c index 0caf882..e670f03 100644 --- a/lib/isc/unix/dir.c +++ b/lib/isc/unix/dir.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dir.c,v 1.29 2009-02-16 23:48:04 tbox Exp $ */ +/* $Id: dir.c,v 1.29.404.2 2011-03-12 04:59:19 tbox Exp $ */ /*! \file * \author Principal Authors: DCL */ @@ -79,7 +79,7 @@ isc_dir_open(isc_dir_t *dir, const char *dirname) { if (dir->dirname < p && *(p - 1) != '/') *p++ = '/'; *p++ = '*'; - *p++ = '\0'; + *p = '\0'; /* * Open stream. diff --git a/lib/isc/unix/file.c b/lib/isc/unix/file.c index 25d856c..3e4d3e0 100644 --- a/lib/isc/unix/file.c +++ b/lib/isc/unix/file.c @@ -48,7 +48,7 @@ * SUCH DAMAGE. */ -/* $Id: file.c,v 1.57 2011-01-11 23:47:14 tbox Exp $ */ +/* $Id: file.c,v 1.57.10.1 2011-03-04 14:10:13 smann Exp $ */ /*! \file */ @@ -348,6 +348,23 @@ isc_file_exists(const char *pathname) { return (ISC_TF(file_stats(pathname, &stats) == ISC_R_SUCCESS)); } +isc_result_t +isc_file_isplainfile(const char *filename) { + /* + * This function returns success if filename is a plain file. + */ + struct stat filestat; + memset(&filestat,0,sizeof(struct stat)); + + if ((stat(filename, &filestat)) == -1) + return(isc__errno2result(errno)); + + if(! S_ISREG(filestat.st_mode)) + return(ISC_R_INVALIDFILE); + + return(ISC_R_SUCCESS); +} + isc_boolean_t isc_file_isabsolute(const char *filename) { REQUIRE(filename != NULL); diff --git a/lib/isc/unix/include/isc/stdtime.h b/lib/isc/unix/include/isc/stdtime.h index 581e6f7..cadb382 100644 --- a/lib/isc/unix/include/isc/stdtime.h +++ b/lib/isc/unix/include/isc/stdtime.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: stdtime.h,v 1.14 2007-06-19 23:47:19 tbox Exp $ */ +/* $Id: stdtime.h,v 1.14.814.2 2011-03-18 23:47:15 tbox Exp $ */ #ifndef ISC_STDTIME_H #define ISC_STDTIME_H 1 @@ -31,6 +31,10 @@ * about its size. */ typedef isc_uint32_t isc_stdtime_t; + +/* but this flag helps... */ +#define STDTIME_ON_32BITS 1 + /* * isc_stdtime32_t is a 32-bit version of isc_stdtime_t. A variable of this * type should only be used as an opaque integer (e.g.,) to compare two diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index ec7487e..c9aa454 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.333.14.2.2.1 2011-06-02 23:47:36 tbox Exp $ */ +/* $Id: socket.c,v 1.333.14.9 2011-07-29 02:19:20 marka Exp $ */ /*! \file */ @@ -764,6 +764,7 @@ FIX_IPV6_RECVPKTINFO(isc__socket_t *sock) if (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, (void *)&on, sizeof(on)) < 0) { + isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "setsockopt(%d, IPV6_RECVPKTINFO) " "%s: %s", sock->fd, @@ -1364,6 +1365,9 @@ build_msghdr_send(isc__socket_t *sock, isc_socketevent_t *dev, #if defined(USE_CMSG) && defined(ISC_PLATFORM_HAVEIN6PKTINFO) if ((sock->type == isc_sockettype_udp) && ((dev->attributes & ISC_SOCKEVENTATTR_PKTINFO) != 0)) { +#if defined(IPV6_USE_MIN_MTU) + int use_min_mtu = 1; /* -1, 0, 1 */ +#endif struct cmsghdr *cmsgp; struct in6_pktinfo *pktinfop; @@ -1382,6 +1386,22 @@ build_msghdr_send(isc__socket_t *sock, isc_socketevent_t *dev, cmsgp->cmsg_len = cmsg_len(sizeof(struct in6_pktinfo)); pktinfop = (struct in6_pktinfo *)CMSG_DATA(cmsgp); memcpy(pktinfop, &dev->pktinfo, sizeof(struct in6_pktinfo)); +#if defined(IPV6_USE_MIN_MTU) + /* + * Set IPV6_USE_MIN_MTU as a per packet option as FreeBSD + * ignores setsockopt(IPV6_USE_MIN_MTU) when IPV6_PKTINFO + * is used. + */ + cmsgp = (struct cmsghdr *)(sock->sendcmsgbuf + + msg->msg_controllen); + msg->msg_controllen += cmsg_space(sizeof(use_min_mtu)); + INSIST(msg->msg_controllen <= sock->sendcmsgbuflen); + + cmsgp->cmsg_level = IPPROTO_IPV6; + cmsgp->cmsg_type = IPV6_USE_MIN_MTU; + cmsgp->cmsg_len = cmsg_len(sizeof(use_min_mtu)); + memcpy(CMSG_DATA(cmsgp), &use_min_mtu, sizeof(use_min_mtu)); +#endif } #endif /* USE_CMSG && ISC_PLATFORM_HAVEIPV6 */ #else /* ISC_NET_BSD44MSGHDR */ @@ -1758,6 +1778,7 @@ doio_recv(isc__socket_t *sock, isc_socketevent_t *dev) { } else { isc_buffer_add(buffer, actual_count); actual_count = 0; + POST(actual_count); break; } buffer = ISC_LIST_NEXT(buffer, link); @@ -1997,9 +2018,10 @@ destroy(isc__socket_t **sockp) { SIGNAL(&manager->shutdown_ok); #endif /* USE_WATCHER_THREAD */ - UNLOCK(&manager->lock); - + /* can't unlock manager as its memory context is still used */ free_socket(sockp); + + UNLOCK(&manager->lock); } static isc_result_t @@ -2036,7 +2058,7 @@ allocate_socket(isc__socketmgr_t *manager, isc_sockettype_t type, */ cmsgbuflen = 0; #if defined(USE_CMSG) && defined(ISC_PLATFORM_HAVEIN6PKTINFO) - cmsgbuflen = cmsg_space(sizeof(struct in6_pktinfo)); + cmsgbuflen += cmsg_space(sizeof(struct in6_pktinfo)); #endif #if defined(USE_CMSG) && defined(SO_TIMESTAMP) cmsgbuflen += cmsg_space(sizeof(struct timeval)); @@ -2050,7 +2072,14 @@ allocate_socket(isc__socketmgr_t *manager, isc_sockettype_t type, cmsgbuflen = 0; #if defined(USE_CMSG) && defined(ISC_PLATFORM_HAVEIN6PKTINFO) - cmsgbuflen = cmsg_space(sizeof(struct in6_pktinfo)); + cmsgbuflen += cmsg_space(sizeof(struct in6_pktinfo)); +#if defined(IPV6_USE_MIN_MTU) + /* + * Provide space for working around FreeBSD's broken IPV6_USE_MIN_MTU + * support. + */ + cmsgbuflen += cmsg_space(sizeof(int)); +#endif #endif sock->sendcmsgbuflen = cmsgbuflen; if (sock->sendcmsgbuflen != 0U) { @@ -2400,10 +2429,18 @@ opensocket(isc__socketmgr_t *manager, isc__socket_t *sock) { #endif /* ISC_PLATFORM_HAVEIN6PKTINFO */ #ifdef IPV6_USE_MIN_MTU /* RFC 3542, not too common yet*/ /* use minimum MTU */ - if (sock->pf == AF_INET6) { - (void)setsockopt(sock->fd, IPPROTO_IPV6, - IPV6_USE_MIN_MTU, - (void *)&on, sizeof(on)); + if (sock->pf == AF_INET6 && + setsockopt(sock->fd, IPPROTO_IPV6, IPV6_USE_MIN_MTU, + (void *)&on, sizeof(on)) < 0) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + UNEXPECTED_ERROR(__FILE__, __LINE__, + "setsockopt(%d, IPV6_USE_MIN_MTU) " + "%s: %s", sock->fd, + isc_msgcat_get(isc_msgcat, + ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, + "failed"), + strbuf); } #endif #if defined(IPV6_MTU) @@ -2422,8 +2459,9 @@ opensocket(isc__socketmgr_t *manager, isc__socket_t *sock) { */ if (sock->pf == AF_INET6) { int action = IPV6_PMTUDISC_DONT; - (void)setsockopt(sock->fd, IPPROTO_IPV6, IPV6_MTU_DISCOVER, - &action, sizeof(action)); + (void)setsockopt(sock->fd, IPPROTO_IPV6, + IPV6_MTU_DISCOVER, &action, + sizeof(action)); } #endif #endif /* ISC_PLATFORM_HAVEIPV6 */ @@ -2755,7 +2793,6 @@ isc__socket_close(isc_socket_t *sock0) { isc__socket_t *sock = (isc__socket_t *)sock0; int fd; isc__socketmgr_t *manager; - isc_sockettype_t type; REQUIRE(VALID_SOCKET(sock)); @@ -2775,7 +2812,6 @@ isc__socket_close(isc_socket_t *sock0) { INSIST(sock->connect_ev == NULL); manager = sock->manager; - type = sock->type; fd = sock->fd; sock->fd = -1; memset(sock->name, 0, sizeof(sock->name)); @@ -4455,9 +4491,8 @@ isc__socket_recvv(isc_socket_t *sock0, isc_bufferlist_t *buflist, INSIST(sock->bound); dev = allocate_socketevent(sock, ISC_SOCKEVENT_RECVDONE, action, arg); - if (dev == NULL) { + if (dev == NULL) return (ISC_R_NOMEMORY); - } /* * UDP sockets are always partial read @@ -4661,9 +4696,8 @@ isc__socket_sendto(isc_socket_t *sock0, isc_region_t *region, INSIST(sock->bound); dev = allocate_socketevent(sock, ISC_SOCKEVENT_SENDDONE, action, arg); - if (dev == NULL) { + if (dev == NULL) return (ISC_R_NOMEMORY); - } dev->region = *region; @@ -4702,9 +4736,8 @@ isc__socket_sendtov(isc_socket_t *sock0, isc_bufferlist_t *buflist, REQUIRE(iocount > 0); dev = allocate_socketevent(sock, ISC_SOCKEVENT_SENDDONE, action, arg); - if (dev == NULL) { + if (dev == NULL) return (ISC_R_NOMEMORY); - } /* * Move each buffer from the passed in list to our internal one. @@ -5121,6 +5154,7 @@ isc__socket_accept(isc_socket_t *sock0, */ isc_task_attach(task, &ntask); if (isc_task_exiting(ntask)) { + free_socket(&nsock); isc_task_detach(&ntask); isc_event_free(ISC_EVENT_PTR(&dev)); UNLOCK(&sock->lock); @@ -5632,7 +5666,7 @@ isc__socket_ipv6only(isc_socket_t *sock0, isc_boolean_t yes) { if (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&onoff, sizeof(int)) < 0) { char strbuf[ISC_STRERRORSIZE]; - + isc__strerror(errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "setsockopt(%d, IPV6_V6ONLY) " "%s: %s", sock->fd, diff --git a/lib/isc/unix/stdio.c b/lib/isc/unix/stdio.c index ff3a527..9221d2a 100644 --- a/lib/isc/unix/stdio.c +++ b/lib/isc/unix/stdio.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: stdio.c,v 1.8 2007-06-19 23:47:18 tbox Exp $ */ +/* $Id: stdio.c,v 1.8.814.2 2011-03-05 23:52:09 tbox Exp $ */ #include <config.h> @@ -23,6 +23,7 @@ #include <unistd.h> #include <isc/stdio.h> +#include <isc/stat.h> #include "errno2result.h" diff --git a/lib/isc/unix/time.c b/lib/isc/unix/time.c index 1dc05b8..8d1d9fa 100644 --- a/lib/isc/unix/time.c +++ b/lib/isc/unix/time.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: time.c,v 1.56 2008-02-15 23:46:51 tbox Exp $ */ +/* $Id: time.c,v 1.56.608.2 2011-03-12 04:59:19 tbox Exp $ */ /*! \file */ @@ -319,7 +319,7 @@ isc_time_microdiff(const isc_time_t *t1, const isc_time_t *t2) { /* * Convert to microseconds. */ - i3 = (i1 - i2) / NS_PER_US; + i3 /= NS_PER_US; return (i3); } diff --git a/lib/isccc/Makefile.in b/lib/isccc/Makefile.in index 1417172..de92bd3 100644 --- a/lib/isccc/Makefile.in +++ b/lib/isccc/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.12.244.1.2.1 2011-06-02 23:47:37 tbox Exp $ +# $Id: Makefile.in,v 1.12.244.2 2011-02-28 01:20:04 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/lib/isccfg/Makefile.in b/lib/isccfg/Makefile.in index 37b0a26..73d8499 100644 --- a/lib/isccfg/Makefile.in +++ b/lib/isccfg/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.21.244.1.2.1 2011-06-02 23:47:37 tbox Exp $ +# $Id: Makefile.in,v 1.21.244.3 2011-03-10 04:29:18 each Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -27,7 +27,7 @@ top_srcdir = @top_srcdir@ CINCLUDES = -I. ${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} -CDEFINES = @USE_DLZ@ +CDEFINES = CWARNINGS = ISCLIBS = ../../lib/isc/libisc.@A@ diff --git a/lib/isccfg/aclconf.c b/lib/isccfg/aclconf.c index 44d436a4..34a54a3 100644 --- a/lib/isccfg/aclconf.c +++ b/lib/isccfg/aclconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: aclconf.c,v 1.29 2010-08-13 23:47:03 tbox Exp $ */ +/* $Id: aclconf.c,v 1.29.72.2 2011-06-17 23:47:11 tbox Exp $ */ #include <config.h> @@ -33,39 +33,70 @@ #define LOOP_MAGIC ISC_MAGIC('L','O','O','P') -void -cfg_aclconfctx_init(cfg_aclconfctx_t *ctx) { - ISC_LIST_INIT(ctx->named_acl_cache); +isc_result_t +cfg_aclconfctx_create(isc_mem_t *mctx, cfg_aclconfctx_t **ret) { + isc_result_t result; + cfg_aclconfctx_t *actx; + + REQUIRE(mctx != NULL); + REQUIRE(ret != NULL && *ret == NULL); + + actx = isc_mem_get(mctx, sizeof(*actx)); + if (actx == NULL) + return (ISC_R_NOMEMORY); + + result = isc_refcount_init(&actx->references, 1); + if (result != ISC_R_SUCCESS) + goto cleanup; + + actx->mctx = NULL; + isc_mem_attach(mctx, &actx->mctx); + ISC_LIST_INIT(actx->named_acl_cache); + + *ret = actx; + return (ISC_R_SUCCESS); + + cleanup: + isc_mem_put(mctx, actx, sizeof(*actx)); + return (result); } void -cfg_aclconfctx_clear(cfg_aclconfctx_t *ctx) { - dns_acl_t *dacl, *next; +cfg_aclconfctx_attach(cfg_aclconfctx_t *src, cfg_aclconfctx_t **dest) { + REQUIRE(src != NULL); + REQUIRE(dest != NULL && *dest == NULL); - for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache); - dacl != NULL; - dacl = next) - { - next = ISC_LIST_NEXT(dacl, nextincache); - dns_acl_detach(&dacl); - } + isc_refcount_increment(&src->references, NULL); + *dest = src; } void -cfg_aclconfctx_clone(cfg_aclconfctx_t *src, cfg_aclconfctx_t *dest) { +cfg_aclconfctx_detach(cfg_aclconfctx_t **actxp) { + cfg_aclconfctx_t *actx; dns_acl_t *dacl, *next; - REQUIRE(src != NULL && dest != NULL); - - cfg_aclconfctx_init(dest); - for (dacl = ISC_LIST_HEAD(src->named_acl_cache); - dacl != NULL; - dacl = next) - { - dns_acl_t *copy; - next = ISC_LIST_NEXT(dacl, nextincache); - dns_acl_attach(dacl, ©); - ISC_LIST_APPEND(dest->named_acl_cache, copy, nextincache); + isc_mem_t *mctx; + unsigned int refs; + + REQUIRE(actxp != NULL && *actxp != NULL); + + actx = *actxp; + mctx = actx->mctx; + + isc_refcount_decrement(&actx->references, &refs); + if (refs == 0) { + for (dacl = ISC_LIST_HEAD(actx->named_acl_cache); + dacl != NULL; + dacl = next) + { + next = ISC_LIST_NEXT(dacl, nextincache); + ISC_LIST_UNLINK(actx->named_acl_cache, dacl, + nextincache); + dns_acl_detach(&dacl); + } + isc_mem_putanddetach(&actx->mctx, actx, sizeof(*actx)); } + + *actxp = NULL; } /* diff --git a/lib/isccfg/api b/lib/isccfg/api index 7821c32..750ed97 100644 --- a/lib/isccfg/api +++ b/lib/isccfg/api @@ -1,3 +1,3 @@ -LIBINTERFACE = 81 -LIBREVISION = 1 -LIBAGE = 1 +LIBINTERFACE = 82 +LIBREVISION = 0 +LIBAGE = 0 diff --git a/lib/isccfg/include/isccfg/aclconf.h b/lib/isccfg/include/isccfg/aclconf.h index 49aef03..2b5ff23 100644 --- a/lib/isccfg/include/isccfg/aclconf.h +++ b/lib/isccfg/include/isccfg/aclconf.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: aclconf.h,v 1.12 2010-08-13 23:47:04 tbox Exp $ */ +/* $Id: aclconf.h,v 1.12.72.2 2011-06-17 23:47:12 tbox Exp $ */ #ifndef ISCCFG_ACLCONF_H #define ISCCFG_ACLCONF_H 1 @@ -28,7 +28,8 @@ typedef struct cfg_aclconfctx { ISC_LIST(dns_acl_t) named_acl_cache; - ISC_LIST(dns_iptable_t) named_iptable_cache; + isc_mem_t *mctx; + isc_refcount_t references; } cfg_aclconfctx_t; /*** @@ -37,22 +38,23 @@ typedef struct cfg_aclconfctx { ISC_LANG_BEGINDECLS -void -cfg_aclconfctx_init(cfg_aclconfctx_t *ctx); +isc_result_t +cfg_aclconfctx_create(isc_mem_t *mctx, cfg_aclconfctx_t **ret); /* - * Initialize an ACL configuration context. + * Creates and initializes an ACL configuration context. */ void -cfg_aclconfctx_clone(cfg_aclconfctx_t *src, cfg_aclconfctx_t *dest); +cfg_aclconfctx_detach(cfg_aclconfctx_t **actxp); /* - * Copy the contents of one ACL configuration context into another. + * Removes a reference to an ACL configuration context; when references + * reaches zero, clears the contents and deallocate the structure. */ void -cfg_aclconfctx_clear(cfg_aclconfctx_t *ctx); +cfg_aclconfctx_attach(cfg_aclconfctx_t *src, cfg_aclconfctx_t **dest); /* - * Clear the contents of an ACL configuration context. + * Attaches a pointer to an existing ACL configuration context. */ isc_result_t diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index f80d34b..46afd16 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: namedconf.c,v 1.131.8.1 2011-02-03 05:50:08 marka Exp $ */ +/* $Id: namedconf.c,v 1.131.8.4 2011-05-23 20:56:11 each Exp $ */ /*! \file */ @@ -542,8 +542,7 @@ static cfg_type_t cfg_type_bracketed_sockaddrlist = { &cfg_rep_list, &cfg_type_sockaddr }; -static const char *autodnssec_enums[] = { "allow", "maintain", "create", - "off", NULL }; +static const char *autodnssec_enums[] = { "allow", "maintain", "off", NULL }; static cfg_type_t cfg_type_autodnssec = { "autodnssec", cfg_parse_enum, cfg_print_ustring, cfg_doc_enum, &cfg_rep_string, &autodnssec_enums @@ -1131,6 +1130,24 @@ static cfg_type_t cfg_type_rpz = { * dnssec-lookaside */ +static void +print_lookaside(cfg_printer_t *pctx, const cfg_obj_t *obj) +{ + const cfg_obj_t *domain = obj->value.tuple[0]; + + if (domain->value.string.length == 4 && + strncmp(domain->value.string.base, "auto", 4) == 0) + cfg_print_cstr(pctx, "auto"); + else + cfg_print_tuple(pctx, obj); +} + +static void +doc_lookaside(cfg_printer_t *pctx, const cfg_type_t *type) { + UNUSED(type); + cfg_print_cstr(pctx, "( <string> trust-anchor <string> | auto )"); +} + static keyword_type_t trustanchor_kw = { "trust-anchor", &cfg_type_astring }; static cfg_type_t cfg_type_optional_trustanchor = { @@ -1145,7 +1162,7 @@ static cfg_tuplefielddef_t lookaside_fields[] = { }; static cfg_type_t cfg_type_lookaside = { - "lookaside", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple, + "lookaside", cfg_parse_tuple, print_lookaside, doc_lookaside, &cfg_rep_tuple, lookaside_fields }; @@ -2235,7 +2252,8 @@ static cfg_type_t cfg_type_controls_sockaddr = { * statement, which takes a single key with or without braces and semicolon. */ static isc_result_t -parse_server_key_kludge(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) +parse_server_key_kludge(cfg_parser_t *pctx, const cfg_type_t *type, + cfg_obj_t **ret) { isc_result_t result; isc_boolean_t braces = ISC_FALSE; @@ -2245,7 +2263,7 @@ parse_server_key_kludge(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t ** CHECK(cfg_peektoken(pctx, 0)); if (pctx->token.type == isc_tokentype_special && pctx->token.value.as_char == '{') { - result = cfg_gettoken(pctx, 0); + CHECK(cfg_gettoken(pctx, 0)); braces = ISC_TRUE; } diff --git a/lib/isccfg/parser.c b/lib/isccfg/parser.c index 87ad391..f561ab8 100644 --- a/lib/isccfg/parser.c +++ b/lib/isccfg/parser.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: parser.c,v 1.139 2011-01-04 23:47:14 tbox Exp $ */ +/* $Id: parser.c,v 1.139.14.2 2011-03-11 06:47:09 marka Exp $ */ /*! \file */ @@ -1904,6 +1904,7 @@ cfg_doc_netaddr(cfg_printer_t *pctx, const cfg_type_t *type) { cfg_print_chars(pctx, " | ", 3); cfg_print_chars(pctx, "*", 1); n++; + POST(n); } if (*flagp != CFG_ADDR_V4OK && *flagp != CFG_ADDR_V6OK) cfg_print_chars(pctx, " )", 2); @@ -1943,7 +1944,7 @@ cfg_parse_netprefix(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t *obj = NULL; isc_result_t result; isc_netaddr_t netaddr; - unsigned int addrlen, prefixlen; + unsigned int addrlen = 0, prefixlen; UNUSED(type); CHECK(cfg_parse_rawaddr(pctx, CFG_ADDR_V4OK | CFG_ADDR_V4PREFIXOK | @@ -1956,7 +1957,6 @@ cfg_parse_netprefix(cfg_parser_t *pctx, const cfg_type_t *type, addrlen = 128; break; default: - addrlen = 0; INSIST(0); break; } @@ -2006,8 +2006,12 @@ cfg_obj_isnetprefix(const cfg_obj_t *obj) { void cfg_obj_asnetprefix(const cfg_obj_t *obj, isc_netaddr_t *netaddr, - unsigned int *prefixlen) { + unsigned int *prefixlen) +{ REQUIRE(obj != NULL && obj->type->rep == &cfg_rep_netprefix); + REQUIRE(netaddr != NULL); + REQUIRE(prefixlen != NULL); + *netaddr = obj->value.netprefix.address; *prefixlen = obj->value.netprefix.prefixlen; } @@ -2091,6 +2095,7 @@ cfg_doc_sockaddr(cfg_printer_t *pctx, const cfg_type_t *type) { cfg_print_chars(pctx, " | ", 3); cfg_print_chars(pctx, "*", 1); n++; + POST(n); } cfg_print_chars(pctx, " ) ", 3); if (*flagp & CFG_ADDR_WILDOK) { diff --git a/lib/lwres/api b/lib/lwres/api index 94575eb..78dd0b4 100644 --- a/lib/lwres/api +++ b/lib/lwres/api @@ -1,3 +1,3 @@ LIBINTERFACE = 80 -LIBREVISION = 0 +LIBREVISION = 1 LIBAGE = 0 diff --git a/lib/lwres/assert_p.h b/lib/lwres/assert_p.h index c8965b5..afe5099 100644 --- a/lib/lwres/assert_p.h +++ b/lib/lwres/assert_p.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: assert_p.h,v 1.14 2007-06-19 23:47:22 tbox Exp $ */ +/* $Id: assert_p.h,v 1.14.814.2 2011-03-12 04:59:19 tbox Exp $ */ #ifndef LWRES_ASSERT_P_H #define LWRES_ASSERT_P_H 1 @@ -28,6 +28,7 @@ #define INSIST(x) assert(x) #define UNUSED(x) ((void)(x)) +#define POST(x) ((void)(x)) #define SPACE_OK(b, s) (LWRES_BUFFER_AVAILABLECOUNT(b) >= (s)) #define SPACE_REMAINING(b, s) (LWRES_BUFFER_REMAINING(b) >= (s)) diff --git a/lib/lwres/herror.c b/lib/lwres/herror.c index babc1f0..ec834e6 100644 --- a/lib/lwres/herror.c +++ b/lib/lwres/herror.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -72,7 +72,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)herror.c 8.1 (Berkeley) 6/4/93"; static const char rcsid[] = - "$Id: herror.c,v 1.17 2007-06-19 23:47:22 tbox Exp $"; + "$Id: herror.c,v 1.17.814.2 2011-03-12 04:59:19 tbox Exp $"; #endif /* LIBC_SCCS and not lint */ #include <config.h> @@ -96,7 +96,7 @@ static const char *h_errlist[] = { "No address associated with name", /*%< 4 NO_ADDRESS */ }; -static int h_nerr = { sizeof(h_errlist) / sizeof(h_errlist[0]) }; +static int h_nerr = sizeof(h_errlist) / sizeof(h_errlist[0]); /*! diff --git a/lib/lwres/lwconfig.c b/lib/lwres/lwconfig.c index 764ff2a..6df09d1 100644 --- a/lib/lwres/lwconfig.c +++ b/lib/lwres/lwconfig.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwconfig.c,v 1.48 2008-12-17 23:47:58 tbox Exp $ */ +/* $Id: lwconfig.c,v 1.48.436.2 2011-03-12 04:59:19 tbox Exp $ */ /*! \file */ @@ -589,6 +589,7 @@ lwres_conf_parse(lwres_context_t *ctx, const char *filename) { stopchar = getword(fp, word, sizeof(word)); if (stopchar == EOF) { rval = LWRES_R_SUCCESS; + POST(rval); break; } diff --git a/lib/lwres/man/lwres.html b/lib/lwres/man/lwres.html index 6cfb750..8bc0392 100644 --- a/lib/lwres/man/lwres.html +++ b/lib/lwres/man/lwres.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres.html,v 1.24.484.1 2011-06-09 03:41:05 tbox Exp $ --> +<!-- $Id: lwres.html,v 1.24 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres — introduction to the lightweight resolver library</p> @@ -32,7 +32,7 @@ <div class="funcsynopsis"><pre class="funcsynopsisinfo">#include <lwres/lwres.h></pre></div> </div> <div class="refsect1" lang="en"> -<a name="id2543346"></a><h2>DESCRIPTION</h2> +<a name="id2543348"></a><h2>DESCRIPTION</h2> <p> The BIND 9 lightweight resolver library is a simple, name service independent stub resolver library. It provides hostname-to-address @@ -47,7 +47,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543358"></a><h2>OVERVIEW</h2> +<a name="id2543361"></a><h2>OVERVIEW</h2> <p> The lwresd library implements multiple name service APIs. The standard @@ -101,7 +101,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543422"></a><h2>CLIENT-SIDE LOW-LEVEL API CALL FLOW</h2> +<a name="id2543425"></a><h2>CLIENT-SIDE LOW-LEVEL API CALL FLOW</h2> <p> When a client program wishes to make an lwres request using the native low-level API, it typically performs the following @@ -149,7 +149,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543571"></a><h2>SERVER-SIDE LOW-LEVEL API CALL FLOW</h2> +<a name="id2543573"></a><h2>SERVER-SIDE LOW-LEVEL API CALL FLOW</h2> <p> When implementing the server side of the lightweight resolver protocol using the lwres library, a sequence of actions like the @@ -191,7 +191,7 @@ <p></p> </div> <div class="refsect1" lang="en"> -<a name="id2543654"></a><h2>SEE ALSO</h2> +<a name="id2543656"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">lwres_gethostent</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">lwres_getipnode</span>(3)</span>, diff --git a/lib/lwres/man/lwres_buffer.html b/lib/lwres/man/lwres_buffer.html index b7e034f..6d1776f 100644 --- a/lib/lwres/man/lwres_buffer.html +++ b/lib/lwres/man/lwres_buffer.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres_buffer.html,v 1.22.484.1 2011-06-09 03:41:05 tbox Exp $ --> +<!-- $Id: lwres_buffer.html,v 1.22 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres_buffer_init, lwres_buffer_invalidate, lwres_buffer_add, lwres_buffer_subtract, lwres_buffer_clear, lwres_buffer_first, lwres_buffer_forward, lwres_buffer_back, lwres_buffer_getuint8, lwres_buffer_putuint8, lwres_buffer_getuint16, lwres_buffer_putuint16, lwres_buffer_getuint32, lwres_buffer_putuint32, lwres_buffer_putmem, lwres_buffer_getmem — lightweight resolver buffer management</p> @@ -262,7 +262,7 @@ void </div> </div> <div class="refsect1" lang="en"> -<a name="id2543890"></a><h2>DESCRIPTION</h2> +<a name="id2543892"></a><h2>DESCRIPTION</h2> <p> These functions provide bounds checked access to a region of memory where data is being read or written. diff --git a/lib/lwres/man/lwres_config.html b/lib/lwres/man/lwres_config.html index 8c330a3..e1d41df 100644 --- a/lib/lwres/man/lwres_config.html +++ b/lib/lwres/man/lwres_config.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres_config.html,v 1.23.484.1 2011-06-09 03:41:06 tbox Exp $ --> +<!-- $Id: lwres_config.html,v 1.23 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres_conf_init, lwres_conf_clear, lwres_conf_parse, lwres_conf_print, lwres_conf_get — lightweight resolver configuration</p> @@ -90,7 +90,7 @@ lwres_conf_t * </div> </div> <div class="refsect1" lang="en"> -<a name="id2543438"></a><h2>DESCRIPTION</h2> +<a name="id2543441"></a><h2>DESCRIPTION</h2> <p><code class="function">lwres_conf_init()</code> creates an empty <span class="type">lwres_conf_t</span> @@ -123,7 +123,7 @@ lwres_conf_t * </p> </div> <div class="refsect1" lang="en"> -<a name="id2543506"></a><h2>RETURN VALUES</h2> +<a name="id2543508"></a><h2>RETURN VALUES</h2> <p><code class="function">lwres_conf_parse()</code> returns <span class="errorcode">LWRES_R_SUCCESS</span> if it successfully read and parsed @@ -142,13 +142,13 @@ lwres_conf_t * </p> </div> <div class="refsect1" lang="en"> -<a name="id2543543"></a><h2>SEE ALSO</h2> +<a name="id2543545"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">stdio</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543569"></a><h2>FILES</h2> +<a name="id2543571"></a><h2>FILES</h2> <p><code class="filename">/etc/resolv.conf</code> </p> </div> diff --git a/lib/lwres/man/lwres_context.html b/lib/lwres/man/lwres_context.html index 50d5d9f..0f59527 100644 --- a/lib/lwres/man/lwres_context.html +++ b/lib/lwres/man/lwres_context.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres_context.html,v 1.24.484.1 2011-06-09 03:41:06 tbox Exp $ --> +<!-- $Id: lwres_context.html,v 1.24 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres_context_create, lwres_context_destroy, lwres_context_nextserial, lwres_context_initserial, lwres_context_freemem, lwres_context_allocmem, lwres_context_sendrecv — lightweight resolver context management</p> @@ -172,7 +172,7 @@ void * </div> </div> <div class="refsect1" lang="en"> -<a name="id2543529"></a><h2>DESCRIPTION</h2> +<a name="id2543531"></a><h2>DESCRIPTION</h2> <p><code class="function">lwres_context_create()</code> creates a <span class="type">lwres_context_t</span> structure for use in lightweight resolver operations. It holds a socket and other @@ -258,7 +258,7 @@ void * </p> </div> <div class="refsect1" lang="en"> -<a name="id2543717"></a><h2>RETURN VALUES</h2> +<a name="id2543719"></a><h2>RETURN VALUES</h2> <p><code class="function">lwres_context_create()</code> returns <span class="errorcode">LWRES_R_NOMEMORY</span> if memory for the <span class="type">struct lwres_context</span> could not be allocated, @@ -283,7 +283,7 @@ void * </p> </div> <div class="refsect1" lang="en"> -<a name="id2543767"></a><h2>SEE ALSO</h2> +<a name="id2543769"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">lwres_conf_init</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">malloc</span>(3)</span>, diff --git a/lib/lwres/man/lwres_gabn.html b/lib/lwres/man/lwres_gabn.html index 32b5f21..d9e246b 100644 --- a/lib/lwres/man/lwres_gabn.html +++ b/lib/lwres/man/lwres_gabn.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres_gabn.html,v 1.25.484.1 2011-06-09 03:41:06 tbox Exp $ --> +<!-- $Id: lwres_gabn.html,v 1.25 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres_gabnrequest_render, lwres_gabnresponse_render, lwres_gabnrequest_parse, lwres_gabnresponse_parse, lwres_gabnresponse_free, lwres_gabnrequest_free — lightweight resolver getaddrbyname message handling</p> @@ -178,7 +178,7 @@ void </div> </div> <div class="refsect1" lang="en"> -<a name="id2543520"></a><h2>DESCRIPTION</h2> +<a name="id2543522"></a><h2>DESCRIPTION</h2> <p> These are low-level routines for creating and parsing lightweight resolver name-to-address lookup request and @@ -278,7 +278,7 @@ typedef struct { </p> </div> <div class="refsect1" lang="en"> -<a name="id2543665"></a><h2>RETURN VALUES</h2> +<a name="id2543667"></a><h2>RETURN VALUES</h2> <p> The getaddrbyname opcode functions <code class="function">lwres_gabnrequest_render()</code>, @@ -316,7 +316,7 @@ typedef struct { </p> </div> <div class="refsect1" lang="en"> -<a name="id2543731"></a><h2>SEE ALSO</h2> +<a name="id2543733"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">lwres_packet</span>(3)</span> </p> </div> diff --git a/lib/lwres/man/lwres_gai_strerror.html b/lib/lwres/man/lwres_gai_strerror.html index 9ff330b..7d494e3 100644 --- a/lib/lwres/man/lwres_gai_strerror.html +++ b/lib/lwres/man/lwres_gai_strerror.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres_gai_strerror.html,v 1.25.484.1 2011-06-09 03:41:06 tbox Exp $ --> +<!-- $Id: lwres_gai_strerror.html,v 1.25 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres_gai_strerror — print suitable error string</p> @@ -42,7 +42,7 @@ char * </div> </div> <div class="refsect1" lang="en"> -<a name="id2543358"></a><h2>DESCRIPTION</h2> +<a name="id2543361"></a><h2>DESCRIPTION</h2> <p><code class="function">lwres_gai_strerror()</code> returns an error message corresponding to an error code returned by <code class="function">getaddrinfo()</code>. @@ -110,7 +110,7 @@ char * </p> </div> <div class="refsect1" lang="en"> -<a name="id2543574"></a><h2>SEE ALSO</h2> +<a name="id2543576"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">strerror</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">lwres_getaddrinfo</span>(3)</span>, diff --git a/lib/lwres/man/lwres_getaddrinfo.html b/lib/lwres/man/lwres_getaddrinfo.html index d367f51..ad886df 100644 --- a/lib/lwres/man/lwres_getaddrinfo.html +++ b/lib/lwres/man/lwres_getaddrinfo.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres_getaddrinfo.html,v 1.28.484.1 2011-06-09 03:41:06 tbox Exp $ --> +<!-- $Id: lwres_getaddrinfo.html,v 1.28 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres_getaddrinfo, lwres_freeaddrinfo — socket address structure to host and service name</p> @@ -89,7 +89,7 @@ struct addrinfo { </p> </div> <div class="refsect1" lang="en"> -<a name="id2543410"></a><h2>DESCRIPTION</h2> +<a name="id2543412"></a><h2>DESCRIPTION</h2> <p><code class="function">lwres_getaddrinfo()</code> is used to get a list of IP addresses and port numbers for host <em class="parameter"><code>hostname</code></em> and service @@ -283,7 +283,7 @@ struct addrinfo { </p> </div> <div class="refsect1" lang="en"> -<a name="id2543787"></a><h2>RETURN VALUES</h2> +<a name="id2543789"></a><h2>RETURN VALUES</h2> <p><code class="function">lwres_getaddrinfo()</code> returns zero on success or one of the error codes listed in <span class="citerefentry"><span class="refentrytitle">gai_strerror</span>(3)</span> @@ -294,7 +294,7 @@ struct addrinfo { </p> </div> <div class="refsect1" lang="en"> -<a name="id2542118"></a><h2>SEE ALSO</h2> +<a name="id2543827"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">lwres_getaddrinfo</span>(3)</span>, diff --git a/lib/lwres/man/lwres_gethostent.html b/lib/lwres/man/lwres_gethostent.html index fdaa062..9e9ec4f 100644 --- a/lib/lwres/man/lwres_gethostent.html +++ b/lib/lwres/man/lwres_gethostent.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres_gethostent.html,v 1.25.484.1 2011-06-09 03:41:06 tbox Exp $ --> +<!-- $Id: lwres_gethostent.html,v 1.25 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres_gethostbyname, lwres_gethostbyname2, lwres_gethostbyaddr, lwres_gethostent, lwres_sethostent, lwres_endhostent, lwres_gethostbyname_r, lwres_gethostbyaddr_r, lwres_gethostent_r, lwres_sethostent_r, lwres_endhostent_r — lightweight resolver get network host entry</p> @@ -228,7 +228,7 @@ void </div> </div> <div class="refsect1" lang="en"> -<a name="id2543606"></a><h2>DESCRIPTION</h2> +<a name="id2543608"></a><h2>DESCRIPTION</h2> <p> These functions provide hostname-to-address and address-to-hostname lookups by means of the lightweight resolver. @@ -366,7 +366,7 @@ struct hostent { </p> </div> <div class="refsect1" lang="en"> -<a name="id2543957"></a><h2>RETURN VALUES</h2> +<a name="id2543959"></a><h2>RETURN VALUES</h2> <p> The functions <code class="function">lwres_gethostbyname()</code>, @@ -430,7 +430,7 @@ struct hostent { </p> </div> <div class="refsect1" lang="en"> -<a name="id2544190"></a><h2>SEE ALSO</h2> +<a name="id2544193"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">gethostent</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">lwres_getipnode</span>(3)</span>, @@ -439,7 +439,7 @@ struct hostent { </p> </div> <div class="refsect1" lang="en"> -<a name="id2544225"></a><h2>BUGS</h2> +<a name="id2544227"></a><h2>BUGS</h2> <p><code class="function">lwres_gethostbyname()</code>, <code class="function">lwres_gethostbyname2()</code>, <code class="function">lwres_gethostbyaddr()</code> diff --git a/lib/lwres/man/lwres_getipnode.html b/lib/lwres/man/lwres_getipnode.html index 9f54cb6..42a33b1 100644 --- a/lib/lwres/man/lwres_getipnode.html +++ b/lib/lwres/man/lwres_getipnode.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres_getipnode.html,v 1.26.484.1 2011-06-09 03:41:06 tbox Exp $ --> +<!-- $Id: lwres_getipnode.html,v 1.26 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres_getipnodebyname, lwres_getipnodebyaddr, lwres_freehostent — lightweight resolver nodename / address translation API</p> @@ -98,7 +98,7 @@ void </div> </div> <div class="refsect1" lang="en"> -<a name="id2543429"></a><h2>DESCRIPTION</h2> +<a name="id2543431"></a><h2>DESCRIPTION</h2> <p> These functions perform thread safe, protocol independent nodename-to-address and address-to-nodename @@ -217,7 +217,7 @@ struct hostent { </p> </div> <div class="refsect1" lang="en"> -<a name="id2543687"></a><h2>RETURN VALUES</h2> +<a name="id2543689"></a><h2>RETURN VALUES</h2> <p> If an error occurs, <code class="function">lwres_getipnodebyname()</code> @@ -261,7 +261,7 @@ struct hostent { </p> </div> <div class="refsect1" lang="en"> -<a name="id2543784"></a><h2>SEE ALSO</h2> +<a name="id2543786"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">RFC2553</span></span>, <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>, diff --git a/lib/lwres/man/lwres_getnameinfo.html b/lib/lwres/man/lwres_getnameinfo.html index 1048543..1216910 100644 --- a/lib/lwres/man/lwres_getnameinfo.html +++ b/lib/lwres/man/lwres_getnameinfo.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres_getnameinfo.html,v 1.24.484.1 2011-06-09 03:41:06 tbox Exp $ --> +<!-- $Id: lwres_getnameinfo.html,v 1.24 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres_getnameinfo — lightweight resolver socket address structure to hostname and @@ -82,7 +82,7 @@ int </div> </div> <div class="refsect1" lang="en"> -<a name="id2543390"></a><h2>DESCRIPTION</h2> +<a name="id2543393"></a><h2>DESCRIPTION</h2> <p> This function is equivalent to the <span class="citerefentry"><span class="refentrytitle">getnameinfo</span>(3)</span> function defined in RFC2133. @@ -149,13 +149,13 @@ int </p> </div> <div class="refsect1" lang="en"> -<a name="id2543532"></a><h2>RETURN VALUES</h2> +<a name="id2543534"></a><h2>RETURN VALUES</h2> <p><code class="function">lwres_getnameinfo()</code> returns 0 on success or a non-zero error code if an error occurs. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543544"></a><h2>SEE ALSO</h2> +<a name="id2543546"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">RFC2133</span></span>, <span class="citerefentry"><span class="refentrytitle">getservbyport</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>, @@ -165,7 +165,7 @@ int </p> </div> <div class="refsect1" lang="en"> -<a name="id2543602"></a><h2>BUGS</h2> +<a name="id2543604"></a><h2>BUGS</h2> <p> RFC2133 fails to define what the nonzero return values of <span class="citerefentry"><span class="refentrytitle">getnameinfo</span>(3)</span> diff --git a/lib/lwres/man/lwres_getrrsetbyname.html b/lib/lwres/man/lwres_getrrsetbyname.html index 3a7fb9f..c96b382 100644 --- a/lib/lwres/man/lwres_getrrsetbyname.html +++ b/lib/lwres/man/lwres_getrrsetbyname.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres_getrrsetbyname.html,v 1.24.484.1 2011-06-09 03:41:06 tbox Exp $ --> +<!-- $Id: lwres_getrrsetbyname.html,v 1.24 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres_getrrsetbyname, lwres_freerrset — retrieve DNS records</p> @@ -102,7 +102,7 @@ struct rrsetinfo { </p> </div> <div class="refsect1" lang="en"> -<a name="id2543412"></a><h2>DESCRIPTION</h2> +<a name="id2543414"></a><h2>DESCRIPTION</h2> <p><code class="function">lwres_getrrsetbyname()</code> gets a set of resource records associated with a <em class="parameter"><code>hostname</code></em>, <em class="parameter"><code>class</code></em>, @@ -150,7 +150,7 @@ struct rrsetinfo { <p></p> </div> <div class="refsect1" lang="en"> -<a name="id2543524"></a><h2>RETURN VALUES</h2> +<a name="id2543526"></a><h2>RETURN VALUES</h2> <p><code class="function">lwres_getrrsetbyname()</code> returns zero on success, and one of the following error codes if an error occurred: @@ -184,7 +184,7 @@ struct rrsetinfo { </p> </div> <div class="refsect1" lang="en"> -<a name="id2543624"></a><h2>SEE ALSO</h2> +<a name="id2543626"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>. </p> </div> diff --git a/lib/lwres/man/lwres_gnba.html b/lib/lwres/man/lwres_gnba.html index 8c7691e..cf4b49f 100644 --- a/lib/lwres/man/lwres_gnba.html +++ b/lib/lwres/man/lwres_gnba.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres_gnba.html,v 1.25.484.1 2011-06-09 03:41:06 tbox Exp $ --> +<!-- $Id: lwres_gnba.html,v 1.25 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres_gnbarequest_render, lwres_gnbaresponse_render, lwres_gnbarequest_parse, lwres_gnbaresponse_parse, lwres_gnbaresponse_free, lwres_gnbarequest_free — lightweight resolver getnamebyaddress message handling</p> @@ -183,7 +183,7 @@ void </div> </div> <div class="refsect1" lang="en"> -<a name="id2543523"></a><h2>DESCRIPTION</h2> +<a name="id2543525"></a><h2>DESCRIPTION</h2> <p> These are low-level routines for creating and parsing lightweight resolver address-to-name lookup request and @@ -270,7 +270,7 @@ typedef struct { </p> </div> <div class="refsect1" lang="en"> -<a name="id2543662"></a><h2>RETURN VALUES</h2> +<a name="id2543665"></a><h2>RETURN VALUES</h2> <p> The getnamebyaddr opcode functions <code class="function">lwres_gnbarequest_render()</code>, @@ -308,7 +308,7 @@ typedef struct { </p> </div> <div class="refsect1" lang="en"> -<a name="id2543729"></a><h2>SEE ALSO</h2> +<a name="id2543731"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">lwres_packet</span>(3)</span>. </p> </div> diff --git a/lib/lwres/man/lwres_hstrerror.html b/lib/lwres/man/lwres_hstrerror.html index df1c425..09371ca 100644 --- a/lib/lwres/man/lwres_hstrerror.html +++ b/lib/lwres/man/lwres_hstrerror.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres_hstrerror.html,v 1.24.484.1 2011-06-09 03:41:07 tbox Exp $ --> +<!-- $Id: lwres_hstrerror.html,v 1.24 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres_herror, lwres_hstrerror — lightweight resolver error message generation</p> @@ -50,7 +50,7 @@ const char * </div> </div> <div class="refsect1" lang="en"> -<a name="id2543377"></a><h2>DESCRIPTION</h2> +<a name="id2543379"></a><h2>DESCRIPTION</h2> <p><code class="function">lwres_herror()</code> prints the string <em class="parameter"><code>s</code></em> on <span class="type">stderr</span> followed by the string generated by @@ -84,7 +84,7 @@ const char * </p> </div> <div class="refsect1" lang="en"> -<a name="id2543495"></a><h2>RETURN VALUES</h2> +<a name="id2543497"></a><h2>RETURN VALUES</h2> <p> The string <span class="errorname">Unknown resolver error</span> is returned by <code class="function">lwres_hstrerror()</code> @@ -94,7 +94,7 @@ const char * </p> </div> <div class="refsect1" lang="en"> -<a name="id2543515"></a><h2>SEE ALSO</h2> +<a name="id2543517"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">herror</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">lwres_hstrerror</span>(3)</span>. diff --git a/lib/lwres/man/lwres_inetntop.html b/lib/lwres/man/lwres_inetntop.html index f0ea41a..3863ecc 100644 --- a/lib/lwres/man/lwres_inetntop.html +++ b/lib/lwres/man/lwres_inetntop.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres_inetntop.html,v 1.24.484.1 2011-06-09 03:41:06 tbox Exp $ --> +<!-- $Id: lwres_inetntop.html,v 1.24 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres_net_ntop — lightweight resolver IP address presentation</p> @@ -62,7 +62,7 @@ const char * </div> </div> <div class="refsect1" lang="en"> -<a name="id2543377"></a><h2>DESCRIPTION</h2> +<a name="id2543379"></a><h2>DESCRIPTION</h2> <p><code class="function">lwres_net_ntop()</code> converts an IP address of protocol family <em class="parameter"><code>af</code></em> — IPv4 or IPv6 — at @@ -80,7 +80,7 @@ const char * </p> </div> <div class="refsect1" lang="en"> -<a name="id2543409"></a><h2>RETURN VALUES</h2> +<a name="id2543411"></a><h2>RETURN VALUES</h2> <p> If successful, the function returns <em class="parameter"><code>dst</code></em>: a pointer to a string containing the presentation format of the @@ -93,7 +93,7 @@ const char * </p> </div> <div class="refsect1" lang="en"> -<a name="id2543442"></a><h2>SEE ALSO</h2> +<a name="id2543444"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">RFC1884</span></span>, <span class="citerefentry"><span class="refentrytitle">inet_ntop</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">errno</span>(3)</span>. diff --git a/lib/lwres/man/lwres_noop.html b/lib/lwres/man/lwres_noop.html index 8f9d402..b4b6241 100644 --- a/lib/lwres/man/lwres_noop.html +++ b/lib/lwres/man/lwres_noop.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres_noop.html,v 1.26.484.1 2011-06-09 03:41:07 tbox Exp $ --> +<!-- $Id: lwres_noop.html,v 1.26 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres_nooprequest_render, lwres_noopresponse_render, lwres_nooprequest_parse, lwres_noopresponse_parse, lwres_noopresponse_free, lwres_nooprequest_free — lightweight resolver no-op message handling</p> @@ -179,7 +179,7 @@ void </div> </div> <div class="refsect1" lang="en"> -<a name="id2543520"></a><h2>DESCRIPTION</h2> +<a name="id2543522"></a><h2>DESCRIPTION</h2> <p> These are low-level routines for creating and parsing lightweight resolver no-op request and response messages. @@ -270,7 +270,7 @@ typedef struct { </p> </div> <div class="refsect1" lang="en"> -<a name="id2543670"></a><h2>RETURN VALUES</h2> +<a name="id2543672"></a><h2>RETURN VALUES</h2> <p> The no-op opcode functions <code class="function">lwres_nooprequest_render()</code>, @@ -309,7 +309,7 @@ typedef struct { </p> </div> <div class="refsect1" lang="en"> -<a name="id2543736"></a><h2>SEE ALSO</h2> +<a name="id2543738"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">lwres_packet</span>(3)</span> </p> </div> diff --git a/lib/lwres/man/lwres_packet.html b/lib/lwres/man/lwres_packet.html index 84eafc1..a2f1191 100644 --- a/lib/lwres/man/lwres_packet.html +++ b/lib/lwres/man/lwres_packet.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres_packet.html,v 1.27.484.1 2011-06-09 03:41:07 tbox Exp $ --> +<!-- $Id: lwres_packet.html,v 1.27 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres_lwpacket_renderheader, lwres_lwpacket_parseheader — lightweight resolver packet handling functions</p> @@ -66,7 +66,7 @@ lwres_result_t </div> </div> <div class="refsect1" lang="en"> -<a name="id2543387"></a><h2>DESCRIPTION</h2> +<a name="id2543389"></a><h2>DESCRIPTION</h2> <p> These functions rely on a <span class="type">struct lwres_lwpacket</span> @@ -219,7 +219,7 @@ struct lwres_lwpacket { </p> </div> <div class="refsect1" lang="en"> -<a name="id2543704"></a><h2>RETURN VALUES</h2> +<a name="id2543706"></a><h2>RETURN VALUES</h2> <p> Successful calls to <code class="function">lwres_lwpacket_renderheader()</code> and diff --git a/lib/lwres/man/lwres_resutil.html b/lib/lwres/man/lwres_resutil.html index b4de764..8f7f7b8 100644 --- a/lib/lwres/man/lwres_resutil.html +++ b/lib/lwres/man/lwres_resutil.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwres_resutil.html,v 1.26.484.1 2011-06-09 03:41:07 tbox Exp $ --> +<!-- $Id: lwres_resutil.html,v 1.26 2009-07-11 01:12:46 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476267"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>lwres_string_parse, lwres_addr_parse, lwres_getaddrsbyname, lwres_getnamebyaddr — lightweight resolver utility functions</p> @@ -134,7 +134,7 @@ lwres_result_t </div> </div> <div class="refsect1" lang="en"> -<a name="id2543464"></a><h2>DESCRIPTION</h2> +<a name="id2543466"></a><h2>DESCRIPTION</h2> <p><code class="function">lwres_string_parse()</code> retrieves a DNS-encoded string starting the current pointer of lightweight resolver buffer <em class="parameter"><code>b</code></em>: i.e. @@ -210,7 +210,7 @@ typedef struct { </p> </div> <div class="refsect1" lang="en"> -<a name="id2543603"></a><h2>RETURN VALUES</h2> +<a name="id2543605"></a><h2>RETURN VALUES</h2> <p> Successful calls to <code class="function">lwres_string_parse()</code> @@ -248,7 +248,7 @@ typedef struct { </p> </div> <div class="refsect1" lang="en"> -<a name="id2543674"></a><h2>SEE ALSO</h2> +<a name="id2543676"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">lwres_buffer</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">lwres_gabn</span>(3)</span>. diff --git a/lib/lwres/print.c b/lib/lwres/print.c index f461177..d4e15d7 100644 --- a/lib/lwres/print.c +++ b/lib/lwres/print.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: print.c,v 1.10 2007-06-19 23:47:22 tbox Exp $ */ +/* $Id: print.c,v 1.10.814.2 2011-03-12 04:59:19 tbox Exp $ */ #include <config.h> @@ -115,6 +115,7 @@ lwres__print_vsnprintf(char *str, size_t size, const char *format, va_list ap) { width = precision = 0; head = ""; length = pad = zeropad = 0; + POST(length); do { if (*format == '#') { |
