Diffstat (limited to 'contrib/bind9/lib/dns/include')
80 files changed, 2431 insertions, 926 deletions
diff --git a/contrib/bind9/lib/dns/include/Makefile.in b/contrib/bind9/lib/dns/include/Makefile.in index 593ad5a..b52cb98 100644 --- a/contrib/bind9/lib/dns/include/Makefile.in +++ b/contrib/bind9/lib/dns/include/Makefile.in @@ -1,7 +1,7 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2001 Internet Software Consortium. # -# Permission to use, copy, modify, and distribute this software for any +# Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.12.18.1 2004/12/09 04:41:46 marka Exp $ +# $Id: Makefile.in,v 1.15 2007/06/19 23:47:16 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/contrib/bind9/lib/dns/include/dns/Makefile.in b/contrib/bind9/lib/dns/include/dns/Makefile.in index 3f367bc..e9e049e 100644 --- a/contrib/bind9/lib/dns/include/dns/Makefile.in +++ b/contrib/bind9/lib/dns/include/dns/Makefile.in @@ -1,7 +1,7 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2003 Internet Software Consortium. # -# Permission to use, copy, modify, and distribute this software for any +# Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # 
@@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.50 2004/03/05 05:09:40 marka Exp $ +# $Id: Makefile.in,v 1.55 2008/11/14 23:47:33 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -23,14 +23,14 @@ top_srcdir = @top_srcdir@ HEADERS = acl.h adb.h byaddr.h cache.h callbacks.h \ cert.h compress.h \ - db.h dbiterator.h dbtable.h diff.h dispatch.h \ - dnssec.h ds.h events.h fixedname.h journal.h keyflags.h \ + db.h dbiterator.h dbtable.h diff.h dispatch.h dlz.h \ + dnssec.h ds.h events.h fixedname.h iptable.h journal.h keyflags.h \ keytable.h keyvalues.h lib.h log.h master.h masterdump.h \ message.h name.h ncache.h \ nsec.h peer.h portlist.h rbt.h rcode.h \ rdata.h rdataclass.h rdatalist.h rdataset.h rdatasetiter.h \ rdataslab.h rdatatype.h request.h resolver.h result.h \ - rootns.h sdb.h secalg.h secproto.h soa.h ssu.h \ + rootns.h sdb.h sdlz.h secalg.h secproto.h soa.h ssu.h \ tcpmsg.h time.h tkey.h \ tsig.h ttl.h types.h validator.h version.h view.h xfrin.h \ zone.h zonekey.h zt.h diff --git a/contrib/bind9/lib/dns/include/dns/acache.h b/contrib/bind9/lib/dns/include/dns/acache.h index 50d7fc1..28990c2 100644 --- a/contrib/bind9/lib/dns/include/dns/acache.h +++ b/contrib/bind9/lib/dns/include/dns/acache.h @@ -1,7 +1,7 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * 
@@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: acache.h,v 1.3.2.4 2006/05/03 00:07:49 marka Exp $ */ +/* $Id: acache.h,v 1.8 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_ACACHE_H #define DNS_ACACHE_H 1 diff --git a/contrib/bind9/lib/dns/include/dns/acl.h b/contrib/bind9/lib/dns/include/dns/acl.h index 34e394f..721fe51 100644 --- a/contrib/bind9/lib/dns/include/dns/acl.h +++ b/contrib/bind9/lib/dns/include/dns/acl.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: acl.h,v 1.22.18.4 2006/03/02 00:37:21 marka Exp $ */ +/* $Id: acl.h,v 1.31.206.2 2009/01/18 23:47:41 tbox Exp $ */ #ifndef DNS_ACL_H #define DNS_ACL_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/acl.h * \brief * Address match list handling. */ @@ -40,6 +40,7 @@ #include <dns/name.h> #include <dns/types.h> +#include <dns/iptable.h> /*** *** Types 
@@ -62,20 +63,21 @@ struct dns_aclipprefix { }; struct dns_aclelement { - dns_aclelemettype_t type; - isc_boolean_t negative; - union { - dns_aclipprefix_t ip_prefix; - dns_name_t keyname; - dns_acl_t *nestedacl; - } u; + dns_aclelemettype_t type; + isc_boolean_t negative; + dns_name_t keyname; + dns_acl_t *nestedacl; + int node_num; }; struct dns_acl { unsigned int magic; isc_mem_t *mctx; isc_refcount_t refcount; + dns_iptable_t *iptable; +#define node_count iptable->radix->num_added_node dns_aclelement_t *elements; + isc_boolean_t has_negatives; unsigned int alloc; /*%< Elements allocated */ unsigned int length; /*%< Elements initialized */ char *name; /*%< Temporary use only */ @@ -100,14 +102,9 @@ ISC_LANG_BEGINDECLS isc_result_t dns_acl_create(isc_mem_t *mctx, int n, dns_acl_t **target); /*%< - * Create a new ACL with room for 'n' elements. - * The elements are uninitialized and the length is 0. - */ - -isc_result_t -dns_acl_appendelement(dns_acl_t *acl, const dns_aclelement_t *elt); -/*%< - * Append an element to an existing ACL. + * Create a new ACL, including an IP table and an array with room + * for 'n' ACL elements. The elements are uninitialized and the + * length is 0. */ isc_result_t 
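Review bot: The `#define node_count iptable->radix->num_added_node` added inside `struct dns_acl` is an unscoped object-like macro in a public header, so every later use of the identifier `node_count` in any file that includes dns/acl.h is rewritten, including unrelated locals and struct members. Because this structure backs access-control decisions, a silent rewrite of that kind is easy to miss in review. Prefer a prefixed function-like macro such as `#define DNS_ACL_NODECOUNT(acl) ((acl)->iptable->radix->num_added_node)`, or a small accessor function. The new `has_negatives` and `node_num` members also lack the `/*%< ... */` comments that `alloc` and `length` beside them carry.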
@@ -122,6 +119,30 @@ dns_acl_none(isc_mem_t *mctx, dns_acl_t **target); * Create a new ACL that matches nothing. */ +isc_boolean_t +dns_acl_isany(dns_acl_t *acl); +/*%< + * Test whether ACL is set to "{ any; }" + */ + +isc_boolean_t +dns_acl_isnone(dns_acl_t *acl); +/*%< + * Test whether ACL is set to "{ none; }" + */ + +isc_result_t +dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, isc_boolean_t pos); +/*%< + * Merge the contents of one ACL into another. Call dns_iptable_merge() + * for the IP tables, then concatenate the element arrays. + * + * If pos is set to false, then the nested ACL is to be negated. This + * means reverse the sense of each *positive* element or IP table node, + * but leave negatives alone, so as to prevent a double-negative causing + * an unexpected positive match in the parent ACL. + */ + void dns_acl_attach(dns_acl_t *source, dns_acl_t **target); @@ -129,17 +150,11 @@ void dns_acl_detach(dns_acl_t **aclp); isc_boolean_t -dns_aclelement_equal(const dns_aclelement_t *ea, const dns_aclelement_t *eb); - -isc_boolean_t -dns_acl_equal(const dns_acl_t *a, const dns_acl_t *b); - -isc_boolean_t dns_acl_isinsecure(const dns_acl_t *a); /*%< * Return #ISC_TRUE iff the acl 'a' is considered insecure, that is, * if it contains IP addresses other than those of the local host. - * This is intended for applications such as printing warning + * This is intended for applications such as printing warning * messages for suspect ACLs; it is not intended for making access * control decisions. We make no guarantee that an ACL for which * this function returns #ISC_FALSE is safe. @@ -147,6 +162,9 @@ dns_acl_isinsecure(const dns_acl_t *a); isc_result_t dns_aclenv_init(isc_mem_t *mctx, dns_aclenv_t *env); +/*%< + * Initialize ACL environment, setting up localhost and localnets ACLs + */ void dns_aclenv_copy(dns_aclenv_t *t, dns_aclenv_t *s); 
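Review bot: The comment on `dns_acl_merge()` explains the negation rule but has no Requires: or Returns: section, so a caller cannot tell which result codes to expect or what state 'dest' is in when the merge fails part-way. For an ACL that matters, because a partially merged 'dest' could match differently from either input. I would add `* Requires: 'dest' and 'source' are valid ACLs.`, a Returns: list, and one sentence stating whether 'dest' is left unchanged on failure; that last point has to be confirmed against the implementation, which is not in this hunk. `dns_acl_isany()` and `dns_acl_isnone()` could probably take `const dns_acl_t *`, matching `dns_acl_isinsecure()` below them.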
@@ -168,19 +186,17 @@ dns_acl_match(const isc_netaddr_t *reqaddr, * Match the address 'reqaddr', and optionally the key name 'reqsigner', * against 'acl'. 'reqsigner' may be NULL. * - * If there is a positive match, '*match' will be set to a positive value - * indicating the distance from the beginning of the list. - * - * If there is a negative match, '*match' will be set to a negative value - * whose absolute value indicates the distance from the beginning of - * the list. - * - * If there is a match (either positive or negative) and 'matchelt' is - * non-NULL, *matchelt will be attached to the primitive - * (non-indirect) address match list element that matched. + * If there is a match, '*match' will be set to an integer whose absolute + * value corresponds to the order in which the matching value was inserted + * into the ACL. For a positive match, this value will be positive; for a + * negative match, it will be negative. * * If there is no match, *match will be set to zero. * + * If there is a match in the element list (either positive or negative) + * and 'matchelt' is non-NULL, *matchelt will be pointed to the matching + * element. + * * Returns: *\li #ISC_R_SUCCESS Always succeeds. */ 
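Review bot: The rewritten comment for `dns_acl_match()` says what happens to `*matchelt` only when the match is found in the element list; it is silent on a match that comes from the IP table and on the no-match case. A caller that reads `*matchelt` after a non-zero `*match` may then use a stale or uninitialized pointer. Add a line such as `* If the match comes from the IP table, or there is no match, *matchelt is not modified.` (or "is set to NULL", whichever the implementation does; it is not visible here). It would also help to state which insertion-order number is reported when both an IP table node and a list element match. The prototype itself starts above this hunk.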
@@ -189,34 +205,18 @@ isc_boolean_t dns_aclelement_match(const isc_netaddr_t *reqaddr, const dns_name_t *reqsigner, const dns_aclelement_t *e, - const dns_aclenv_t *env, + const dns_aclenv_t *env, const dns_aclelement_t **matchelt); /*%< * Like dns_acl_match, but matches against the single ACL element 'e' - * rather than a complete list and returns ISC_TRUE iff it matched. - * To determine whether the match was prositive or negative, the + * rather than a complete ACL, and returns ISC_TRUE iff it matched. + * + * To determine whether the match was positive or negative, the * caller should examine e->negative. Since the element 'e' may be - * a reference to a named ACL or a nested ACL, the matching element + * a reference to a named ACL or a nested ACL, a matching element * returned through 'matchelt' is not necessarily 'e' itself. */ -isc_result_t -dns_acl_elementmatch(const dns_acl_t *acl, - const dns_aclelement_t *elt, - const dns_aclelement_t **matchelt); -/*%< - * Search for an ACL element in 'acl' which is exactly the same as 'elt'. - * If there is one, and 'matchelt' is non NULL, then '*matchelt' will point - * to the entry. - * - * This function is intended to be used for avoiding duplicated ACL entries - * before adding an entry. - * - * Returns: - *\li #ISC_R_SUCCESS Match succeeds. - *\li #ISC_R_NOTFOUND Match fails. - */ - ISC_LANG_ENDDECLS #endif /* DNS_ACL_H */ diff --git a/contrib/bind9/lib/dns/include/dns/adb.h b/contrib/bind9/lib/dns/include/dns/adb.h index 1e3cd61..d4ac40c 100644 --- a/contrib/bind9/lib/dns/include/dns/adb.h +++ b/contrib/bind9/lib/dns/include/dns/adb.h 
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: adb.h,v 1.76.18.3 2005/06/23 04:23:16 marka Exp $ */ +/* $Id: adb.h,v 1.85 2008/04/03 06:09:04 tbox Exp $ */ #ifndef DNS_ADB_H #define DNS_ADB_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/adb.h *\brief * DNS Address Database * @@ -99,7 +99,7 @@ ISC_LANG_BEGINDECLS typedef struct dns_adbname dns_adbname_t; -/*! +/*! *\brief * Represents a lookup for a single name. * @@ -220,7 +220,7 @@ struct dns_adbaddrinfo { ISC_LINK(dns_adbaddrinfo_t) publink; }; -/*!< +/*!< * The event sent to the caller task is just a plain old isc_event_t. It * contains no data other than a simple status, passed in the "type" field * to indicate that another address resolved, or all partially resolved @@ -345,7 +345,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, * * If no events will be generated, the *find->result_v4 and/or result_v6 * members may be examined for address lookup status. The usual #ISC_R_SUCCESS, - * #ISC_R_FAILURE, and #DNS_R_NX{DOMAIN,RRSET} are returned, along with + * #ISC_R_FAILURE, #DNS_R_NXDOMAIN, and #DNS_R_NXRRSET are returned, along with * #ISC_R_NOTFOUND meaning the ADB has not _yet_ found the values. In this * latter case, retrying may produce more addresses. * 
@@ -520,7 +520,7 @@ void dns_adb_adjustsrtt(dns_adb_t *adb, dns_adbaddrinfo_t *addr, unsigned int rtt, unsigned int factor); /*%< - * Mix the round trip time into the existing smoothed rtt. + * Mix the round trip time into the existing smoothed rtt. * The formula used * (where srtt is the existing rtt value, and rtt and factor are arguments to @@ -623,13 +623,12 @@ void dns_adb_flushname(dns_adb_t *adb, dns_name_t *name); /*%< * Flush 'name' from the adb cache. - * + * * Requires: *\li 'adb' is valid. *\li 'name' is valid. */ - ISC_LANG_ENDDECLS #endif /* DNS_ADB_H */ diff --git a/contrib/bind9/lib/dns/include/dns/bit.h b/contrib/bind9/lib/dns/include/dns/bit.h index 770f294..28c733d 100644 --- a/contrib/bind9/lib/dns/include/dns/bit.h +++ b/contrib/bind9/lib/dns/include/dns/bit.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: bit.h,v 1.8.18.2 2005/04/29 00:16:09 marka Exp $ */ +/* $Id: bit.h,v 1.14 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_BIT_H #define DNS_BIT_H 1 -/*! \file */ +/*! \file dns/bit.h */ #include <isc/int.h> #include <isc/boolean.h> diff --git a/contrib/bind9/lib/dns/include/dns/byaddr.h b/contrib/bind9/lib/dns/include/dns/byaddr.h index 1f1e88c..edf8430 100644 --- a/contrib/bind9/lib/dns/include/dns/byaddr.h +++ b/contrib/bind9/lib/dns/include/dns/byaddr.h 
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: byaddr.h,v 1.16.18.2 2005/04/29 00:16:09 marka Exp $ */ +/* $Id: byaddr.h,v 1.22 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_BYADDR_H #define DNS_BYADDR_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/byaddr.h * \brief * The byaddr module provides reverse lookup services for IPv4 and IPv6 * addresses. @@ -121,8 +121,8 @@ dns_byaddr_cancel(dns_byaddr_t *byaddr); * * Notes: * - *\li If 'byaddr' has not completed, post its #BYADDRDONE event with a - * result code of #ISC_R_CANCELED. + *\li If 'byaddr' has not completed, post its #DNS_EVENT_BYADDRDONE + * event with a result code of #ISC_R_CANCELED. * * Requires: * @@ -138,8 +138,8 @@ dns_byaddr_destroy(dns_byaddr_t **byaddrp); * *\li '*byaddrp' is a valid byaddr. * - *\li The caller has received the BYADDRDONE event (either because the - * byaddr completed or because dns_byaddr_cancel() was called). + *\li The caller has received the #DNS_EVENT_BYADDRDONE event (either because + * the byaddr completed or because dns_byaddr_cancel() was called). * * Ensures: * diff --git a/contrib/bind9/lib/dns/include/dns/cache.h b/contrib/bind9/lib/dns/include/dns/cache.h index fc4f78e..7b37235 100644 --- a/contrib/bind9/lib/dns/include/dns/cache.h +++ b/contrib/bind9/lib/dns/include/dns/cache.h 
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cache.h,v 1.19.18.3 2005/08/23 02:31:38 marka Exp $ */ +/* $Id: cache.h,v 1.26 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_CACHE_H #define DNS_CACHE_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/cache.h * \brief * Defines dns_cache_t, the cache object. * diff --git a/contrib/bind9/lib/dns/include/dns/callbacks.h b/contrib/bind9/lib/dns/include/dns/callbacks.h index 6aee70b..8a8385a 100644 --- a/contrib/bind9/lib/dns/include/dns/callbacks.h +++ b/contrib/bind9/lib/dns/include/dns/callbacks.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: callbacks.h,v 1.18.18.2 2005/04/29 00:16:10 marka Exp $ */ +/* $Id: callbacks.h,v 1.24 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_CALLBACKS_H #define DNS_CALLBACKS_H 1 -/*! \file */ +/*! \file dns/callbacks.h */ /*** *** Imports 
diff --git a/contrib/bind9/lib/dns/include/dns/cert.h b/contrib/bind9/lib/dns/include/dns/cert.h index 4de1aec..1cda848 100644 --- a/contrib/bind9/lib/dns/include/dns/cert.h +++ b/contrib/bind9/lib/dns/include/dns/cert.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cert.h,v 1.13.18.2 2005/04/29 00:16:10 marka Exp $ */ +/* $Id: cert.h,v 1.19 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_CERT_H #define DNS_CERT_H 1 -/*! \file */ +/*! \file dns/cert.h */ #include <isc/lang.h> diff --git a/contrib/bind9/lib/dns/include/dns/compress.h b/contrib/bind9/lib/dns/include/dns/compress.h index 4d9c011..4632aff 100644 --- a/contrib/bind9/lib/dns/include/dns/compress.h +++ b/contrib/bind9/lib/dns/include/dns/compress.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: compress.h,v 1.32.18.6 2006/03/02 00:37:21 marka Exp $ */ +/* $Id: compress.h,v 1.40.332.2 2009/01/18 23:47:41 tbox Exp $ */ #ifndef DNS_COMPRESS_H #define DNS_COMPRESS_H 1 
@@ -32,7 +32,7 @@ ISC_LANG_BEGINDECLS #define DNS_COMPRESS_ALL 0x01 /*%< all compression. */ #define DNS_COMPRESS_CASESENSITIVE 0x02 /*%< case sensitive compression. */ -/*! \file +/*! \file dns/compress.h * Direct manipulation of the structures is strongly discouraged. */ @@ -77,7 +77,7 @@ struct dns_decompress { isc_result_t dns_compress_init(dns_compress_t *cctx, int edns, isc_mem_t *mctx); /*%< - * Inialise the compression context structure pointed to by 'cctx'. + * Initialise the compression context structure pointed to by 'cctx'. * * Requires: * \li 'cctx' is a valid dns_compress_t structure. @@ -136,7 +136,7 @@ dns_compress_setsensitive(dns_compress_t *cctx, isc_boolean_t sensitive); isc_boolean_t dns_compress_getsensitive(dns_compress_t *cctx); /* - * Return whether case is to be preservered when compressing + * Return whether case is to be preserved when compressing * domain names. * * Requires: diff --git a/contrib/bind9/lib/dns/include/dns/db.h b/contrib/bind9/lib/dns/include/dns/db.h index b03ae57..3b78208 100644 --- a/contrib/bind9/lib/dns/include/dns/db.h +++ b/contrib/bind9/lib/dns/include/dns/db.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: db.h,v 1.76.18.10 2007/08/28 07:20:05 tbox Exp $ */ +/* $Id: db.h,v 1.93.50.3 2009/01/18 23:25:17 marka Exp $ */ #ifndef DNS_DB_H #define DNS_DB_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/db.h * \brief * The DNS DB interface allows named rdatasets to be stored and retrieved. * 
@@ -111,8 +111,7 @@ typedef struct dns_dbmethods { isc_stdtime_t now); void (*printnode)(dns_db_t *db, dns_dbnode_t *node, FILE *out); - isc_result_t (*createiterator)(dns_db_t *db, - isc_boolean_t relative_names, + isc_result_t (*createiterator)(dns_db_t *db, unsigned int options, dns_dbiterator_t **iteratorp); isc_result_t (*findrdataset)(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, @@ -146,6 +145,28 @@ typedef struct dns_dbmethods { void (*overmem)(dns_db_t *db, isc_boolean_t overmem); void (*settask)(dns_db_t *db, isc_task_t *); isc_result_t (*getoriginnode)(dns_db_t *db, dns_dbnode_t **nodep); + void (*transfernode)(dns_db_t *db, dns_dbnode_t **sourcep, + dns_dbnode_t **targetp); + isc_result_t (*getnsec3parameters)(dns_db_t *db, + dns_dbversion_t *version, + dns_hash_t *hash, + isc_uint8_t *flags, + isc_uint16_t *iterations, + unsigned char *salt, + size_t *salt_len); + isc_result_t (*findnsec3node)(dns_db_t *db, dns_name_t *name, + isc_boolean_t create, + dns_dbnode_t **nodep); + isc_result_t (*setsigningtime)(dns_db_t *db, + dns_rdataset_t *rdataset, + isc_stdtime_t resign); + isc_result_t (*getsigningtime)(dns_db_t *db, + dns_rdataset_t *rdataset, + dns_name_t *name); + void (*resigned)(dns_db_t *db, dns_rdataset_t *rdataset, + dns_dbversion_t *version); + isc_boolean_t (*isdnssec)(dns_db_t *db); + dns_stats_t *(*getrrsetstats)(dns_db_t *db); } dns_dbmethods_t; typedef isc_result_t @@ -153,7 +174,7 @@ typedef isc_result_t dns_dbtype_t type, dns_rdataclass_t rdclass, unsigned int argc, char *argv[], void *driverarg, dns_db_t **dbp); - + #define DNS_DB_MAGIC ISC_MAGIC('D','N','S','D') #define DNS_DB_VALID(db) ISC_MAGIC_VALID(db, DNS_DB_MAGIC) @@ -191,6 +212,7 @@ struct dns_db { #define DNS_DBFIND_NOEXACT 0x10 #define DNS_DBFIND_FORCENSEC 0x20 #define DNS_DBFIND_COVERINGNSEC 0x40 +#define DNS_DBFIND_FORCENSEC3 0x80 /*@}*/ /*@{*/ 
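Review bot: The eight members appended to `dns_dbmethods_t` (`transfernode` through `getrrsetstats`) carry no comment saying whether an implementation may leave them NULL. A driver whose method table was written against the older layout will most likely end up with NULL in all of them, so each `dns_db_*` wrapper has to test the pointer before calling through it; the wrappers are not part of this file section, so that cannot be checked here. A short comment above the new members, e.g. `/* Optional: may be NULL; the dns_db_* wrapper then reports "not implemented". */`, would pin the contract down. The `createiterator` change from `isc_boolean_t relative_names` to `unsigned int options` will probably still compile for callers that pass a boolean, which deserves a sentence where the options are documented.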
@@ -208,6 +230,15 @@ struct dns_db { */ #define DNS_DBSUB_EXACT 0x01 +/*@{*/ +/*% + * Iterator options + */ +#define DNS_DB_RELATIVENAMES 0x1 +#define DNS_DB_NSEC3ONLY 0x2 +#define DNS_DB_NONSEC3 0x4 +/*@}*/ + /***** ***** Methods *****/ @@ -355,6 +386,20 @@ dns_db_issecure(dns_db_t *db); * \li #ISC_FALSE 'db' is not secure. */ +isc_boolean_t +dns_db_isdnssec(dns_db_t *db); +/*%< + * Is 'db' secure or partially secure? + * + * Requires: + * + * \li 'db' is a valid database with zone semantics. + * + * Returns: + * \li #ISC_TRUE 'db' is secure or is partially. + * \li #ISC_FALSE 'db' is not secure. + */ + dns_name_t * dns_db_origin(dns_db_t *db); /*%< @@ -626,7 +671,7 @@ dns_db_findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create, * * \li #ISC_R_SUCCESS * \li #ISC_R_NOTFOUND If !create and name not found. - * \li #ISC_R_NOMEMORY Can only happen if create is ISC_TRUE. + * \li #ISC_R_NOMEMORY Can only happen if create is ISC_TRUE. * * \li Other results are possible, depending upon the database * implementation used. @@ -785,8 +830,8 @@ dns_db_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, * name, and 'rdataset' contains * the negative caching proof. * - * \li #DNS_R_EMPTYNAME The name exists but there is - * no data at the name. + * \li #DNS_R_EMPTYNAME The name exists but there is + * no data at the name. * * \li #DNS_R_COVERINGNSEC The returned data is a NSEC * that potentially covers 'name'. 
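Review bot: The Returns: text of the new `dns_db_isdnssec()` reads `'db' is secure or is partially.` and gives `#ISC_FALSE` the same wording as `dns_db_issecure()` just above it, so the difference between the two predicates is never stated. Callers choosing between them for a signing or validation decision need to know what "partially secure" means here. Suggest `#ISC_TRUE 'db' is secure or partially secure.` and `#ISC_FALSE 'db' is not secure at all.`, plus one sentence defining "partially secure"; the exact definition has to come from the implementation, which is not shown.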
@@ -883,6 +928,27 @@ dns_db_detachnode(dns_db_t *db, dns_dbnode_t **nodep); * \li *nodep is NULL. */ +void +dns_db_transfernode(dns_db_t *db, dns_dbnode_t **sourcep, + dns_dbnode_t **targetp); +/*%< + * Transfer a node between pointer. + * + * This is equivalent to calling dns_db_attachnode() then dns_db_detachnode(). + * + * Requires: + * + * \li 'db' is a valid database. + * + * \li '*sourcep' is a valid node. + * + * \li 'targetp' points to a NULL dns_dbnode_t *. + * + * Ensures: + * + * \li '*sourcep' is NULL. + */ + isc_result_t dns_db_expirenode(dns_db_t *db, dns_dbnode_t *node, isc_stdtime_t now); /*%< @@ -917,16 +983,17 @@ dns_db_printnode(dns_db_t *db, dns_dbnode_t *node, FILE *out); ***/ isc_result_t -dns_db_createiterator(dns_db_t *db, isc_boolean_t relative_names, +dns_db_createiterator(dns_db_t *db, unsigned int options, dns_dbiterator_t **iteratorp); /*%< * Create an iterator for version 'version' of 'db'. * * Notes: * - * \li If 'relative_names' is ISC_TRUE, then node names returned by the - * iterator will be relative to the iterator's current origin. If - * #ISC_FALSE, then the node names will be absolute. + * \li One or more of the following options can be set. + * #DNS_DB_RELATIVENAMES + * #DNS_DB_NSEC3ONLY + * #DNS_DB_NONSEC3 * * Requires: * @@ -1005,7 +1072,7 @@ isc_result_t dns_db_allrdatasets(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, isc_stdtime_t now, dns_rdatasetiter_t **iteratorp); /*%< - * Make '*iteratorp' an rdataset iteratator for all rdatasets at 'node' in + * Make '*iteratorp' an rdataset iterator for all rdatasets at 'node' in * version 'version' of 'db'. * * Notes: @@ -1192,7 +1259,7 @@ dns_db_getsoaserial(dns_db_t *db, dns_dbversion_t *ver, isc_uint32_t *serialp); void dns_db_overmem(dns_db_t *db, isc_boolean_t overmem); /*%< - * Enable / disable agressive cache cleaning. + * Enable / disable aggressive cache cleaning. */ unsigned int 
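Review bot: The new note on `dns_db_createiterator()` lists `#DNS_DB_RELATIVENAMES`, `#DNS_DB_NSEC3ONLY` and `#DNS_DB_NONSEC3` but no longer says what any of them does; the old explanation of relative versus absolute node names was removed together with the `relative_names` parameter. It is also unstated what happens when both `DNS_DB_NSEC3ONLY` and `DNS_DB_NONSEC3` are set. I would keep one line per flag, for example `#DNS_DB_RELATIVENAMES: node names are relative to the iterator's current origin; otherwise absolute.`, and say whether the two NSEC3 flags are mutually exclusive. In the same file section, the `dns_db_transfernode()` comment says "between pointer" and its Ensures: list omits the state of `*targetp`.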
@@ -1262,7 +1329,7 @@ dns_db_register(const char *name, dns_dbcreatefunc_t create, void *driverarg, void dns_db_unregister(dns_dbimplementation_t **dbimp); /*%< - * Remove a database implementation from the the list of supported + * Remove a database implementation from the list of supported * implementations. No databases of this type can be active when this * is called. * 
@@ -1294,6 +1361,117 @@ dns_db_getoriginnode(dns_db_t *db, dns_dbnode_t **nodep); * \li #ISC_R_NOTFOUND - the DB implementation does not support this feature. */ +isc_result_t +dns_db_getnsec3parameters(dns_db_t *db, dns_dbversion_t *version, + dns_hash_t *hash, isc_uint8_t *flags, + isc_uint16_t *interations, + unsigned char *salt, size_t *salt_length); +/*%< + * Get the NSEC3 parameters that are associated with this zone. + * + * Requires: + * \li 'db' is a valid zone database. + * + * Returns: + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOTFOUND - the DB implementation does not support this feature + * or this zone does not have NSEC3 records. + */ + +isc_result_t +dns_db_findnsec3node(dns_db_t *db, dns_name_t *name, + isc_boolean_t create, dns_dbnode_t **nodep); +/*%< + * Find the NSEC3 node with name 'name'. + * + * Notes: + * \li If 'create' is ISC_TRUE and no node with name 'name' exists, then + * such a node will be created. + * + * Requires: + * + * \li 'db' is a valid database. + * + * \li 'name' is a valid, non-empty, absolute name. + * + * \li nodep != NULL && *nodep == NULL + * + * Ensures: + * + * \li On success, *nodep is attached to the node with name 'name'. + * + * Returns: + * + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOTFOUND If !create and name not found. + * \li #ISC_R_NOMEMORY Can only happen if create is ISC_TRUE. + * + * \li Other results are possible, depending upon the database + * implementation used. + */ + +isc_result_t +dns_db_setsigningtime(dns_db_t *db, dns_rdataset_t *rdataset, + isc_stdtime_t resign); +/*%< + * Sets the re-signing time associated with 'rdataset' to 'resign'. + * + * Requires: + * \li 'db' is a valid zone database. + * \li 'rdataset' to be associated with 'db'. + * + * Returns: + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOMEMORY + * \li #ISC_R_NOTIMPLEMENTED - Not supported by this DB implementation. 
+ */ + +isc_result_t +dns_db_getsigningtime(dns_db_t *db, dns_rdataset_t *rdataset, dns_name_t *name); +/*%< + * Return the rdataset with the earliest signing time in the zone. + * Note: the rdataset is version agnostic. + * + * Requires: + * \li 'db' is a valid zone database. + * \li 'rdataset' to be initialized but not associated. + * \li 'name' to be NULL or have a buffer associated with it. + * + * Returns: + * \li #ISC_R_SUCCESS + * \li #ISC_R_NOTFOUND - No dataset exists. + */ + +void +dns_db_resigned(dns_db_t *db, dns_rdataset_t *rdataset, + dns_dbversion_t *version); +/*%< + * Mark 'rdataset' as not being available to be returned by + * dns_db_getsigningtime(). If the changes associated with 'version' + * are committed this will be permanent. If the version is not committed + * this change will be rolled back when the version is closed. + * + * Requires: + * \li 'db' is a valid zone database. + * \li 'rdataset' to be associated with 'db'. + * \li 'version' to be open for writing. + */ + +dns_stats_t * +dns_db_getrrsetstats(dns_db_t *db); +/*%< + * Get statistics information counting RRsets stored in the DB, when available. + * The statistics may not be available depending on the DB implementation. + * + * Requires: + * + * \li 'db' is a valid database (zone or cache). + * + * Returns: + * \li when available, a pointer to a statistics object created by + * dns_rdatasetstats_create(); otherwise NULL. + */ + ISC_LANG_ENDDECLS #endif /* DNS_DB_H */ diff --git a/contrib/bind9/lib/dns/include/dns/dbiterator.h b/contrib/bind9/lib/dns/include/dns/dbiterator.h index 47ce082..366d676 100644 --- a/contrib/bind9/lib/dns/include/dns/dbiterator.h +++ b/contrib/bind9/lib/dns/include/dns/dbiterator.h 
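Review bot: `dns_db_getnsec3parameters()` returns the salt through `unsigned char *salt`, but its comment never states the buffer contract: whether `*salt_length` must hold the buffer size on entry, what minimum size is required, and what is returned when the salt does not fit. Without that, caller and implementation can disagree on whether the length is in/out, and a short caller buffer can be overrun. Add to Requires: something like `\li 'salt' points to a buffer of at least *salt_length bytes; on success *salt_length is set to the salt length.`, adjusted to what the implementation actually does (not visible in this file section). The parameter is spelled `interations` here but `iterations` in the `dns_dbmethods_t` member. The `dns_db_getsigningtime()` comment says it returns an rdataset although the return type is `isc_result_t`; it should say that 'rdataset' and 'name' are filled in.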
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dbiterator.h,v 1.19.18.2 2005/04/29 00:16:11 marka Exp $ */ +/* $Id: dbiterator.h,v 1.25 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_DBITERATOR_H #define DNS_DBITERATOR_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/dbiterator.h * \brief * The DNS DB Iterator interface allows iteration of all of the nodes in a * database. diff --git a/contrib/bind9/lib/dns/include/dns/dbtable.h b/contrib/bind9/lib/dns/include/dns/dbtable.h index 18d3e50..503de95 100644 --- a/contrib/bind9/lib/dns/include/dns/dbtable.h +++ b/contrib/bind9/lib/dns/include/dns/dbtable.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dbtable.h,v 1.17.18.2 2005/04/29 00:16:11 marka Exp $ */ +/* $Id: dbtable.h,v 1.23 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_DBTABLE_H #define DNS_DBTABLE_H 1 
@@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/dbtable.h * \brief * DNS DB Tables * diff --git a/contrib/bind9/lib/dns/include/dns/diff.h b/contrib/bind9/lib/dns/include/dns/diff.h index cd96a0b..a13b678 100644 --- a/contrib/bind9/lib/dns/include/dns/diff.h +++ b/contrib/bind9/lib/dns/include/dns/diff.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: diff.h,v 1.6.18.2 2005/04/29 00:16:12 marka Exp $ */ +/* $Id: diff.h,v 1.15.120.2 2009/01/18 23:47:41 tbox Exp $ */ #ifndef DNS_DIFF_H #define DNS_DIFF_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/diff.h * \brief * A diff is a convenience type representing a list of changes to be * made to a database. 
@@ -59,12 +59,18 @@ * individual RRs of a "RRset exists (value dependent)" * prerequisite set. In this case, op==DNS_DIFFOP_EXISTS, * and the TTL is ignored. + * + * DNS_DIFFOP_*RESIGN will cause the 'resign' attribute of the resulting + * RRset to be recomputed to be 'resign' seconds before the earliest RRSIG + * timeexpire. */ typedef enum { - DNS_DIFFOP_ADD, /*%< Add an RR. */ - DNS_DIFFOP_DEL, /*%< Delete an RR. */ - DNS_DIFFOP_EXISTS /*%< Assert RR existence. */ + DNS_DIFFOP_ADD = 0, /*%< Add an RR. */ + DNS_DIFFOP_DEL = 1, /*%< Delete an RR. */ + DNS_DIFFOP_EXISTS = 2, /*%< Assert RR existence. */ + DNS_DIFFOP_ADDRESIGN = 4, /*%< ADD + RESIGN. */ + DNS_DIFFOP_DELRESIGN = 5, /*%< DEL + RESIGN. */ } dns_diffop_t; typedef struct dns_difftuple dns_difftuple_t; @@ -73,7 +79,7 @@ typedef struct dns_difftuple dns_difftuple_t; #define DNS_DIFFTUPLE_VALID(t) ISC_MAGIC_VALID(t, DNS_DIFFTUPLE_MAGIC) struct dns_difftuple { - unsigned int magic; + unsigned int magic; isc_mem_t *mctx; dns_diffop_t op; dns_name_t name; @@ -96,10 +102,15 @@ typedef struct dns_diff dns_diff_t; struct dns_diff { unsigned int magic; isc_mem_t * mctx; + /* + * Set the 'resign' attribute to this many second before the + * earliest RRSIG timeexpire. + */ + isc_uint32_t resign; ISC_LIST(dns_difftuple_t) tuples; }; -/* Type of comparision function for sorting diffs. */ +/* Type of comparison function for sorting diffs. */ typedef int dns_diff_compare_func(const void *, const void *); /*** @@ -110,7 +121,7 @@ ISC_LANG_BEGINDECLS /**************************************************************************/ /* - * Maniuplation of diffs and tuples. + * Manipulation of diffs and tuples. */ isc_result_t diff --git a/contrib/bind9/lib/dns/include/dns/dispatch.h b/contrib/bind9/lib/dns/include/dns/dispatch.h index 8c14320..96a44fe 100644 --- a/contrib/bind9/lib/dns/include/dns/dispatch.h +++ b/contrib/bind9/lib/dns/include/dns/dispatch.h 
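Review bot: In the `dns_diffop_t` hunk of dns/diff.h, `DNS_DIFFOP_ADDRESIGN = 4` and `DNS_DIFFOP_DELRESIGN = 5` look like ADD and DEL with a resign bit of 4 set, but the header never names that bit and value 3 is skipped without explanation. Code that switches on or range-checks `op` (not visible in this hunk) may misclassify the new values unless it knows the encoding. I would state it in the comment block above the enum, e.g. `* The *RESIGN values are the base operation with bit 0x4 set.`, after confirming that against the implementation. The trailing comma after the last enumerator should also go, since strict C89 compilers reject it.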
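Review bot: The comment on the new `resign` member of `struct dns_diff` in dns/diff.h does not say what a value of 0 means or which function initialises the field, and it reads "this many second". The value decides how long before RRSIG expiry an RRset is picked up for re-signing, so an unset or zero value affects signature freshness; whether dns_diff_init() sets it is not visible here. I would correct the wording to `this many seconds before the` and add one sentence stating the meaning of 0 and where the field is initialised.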
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.h,v 1.48.18.9 2008/06/24 23:45:55 tbox Exp $ */ +/* $Id: dispatch.h,v 1.60.82.2 2009/01/29 23:47:44 tbox Exp $ */ #ifndef DNS_DISPATCH_H #define DNS_DISPATCH_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/dispatch.h * \brief * DNS Dispatch Management * Shared UDP and single-use TCP dispatches for queries and responses. @@ -55,7 +55,7 @@ #include <isc/buffer.h> #include <isc/lang.h> #include <isc/socket.h> -#include <dns/types.h> +#include <isc/types.h> #include <dns/types.h> @@ -222,6 +222,21 @@ dns_dispatchmgr_setavailports(dns_dispatchmgr_t *mgr, isc_portset_t *v4portset, *\li v6portset is NULL or a valid port set */ +void +dns_dispatchmgr_setstats(dns_dispatchmgr_t *mgr, isc_stats_t *stats); +/*%< + * Sets statistics counter for the dispatchmgr. This function is expected to + * be called only on zone creation (when necessary). + * Once installed, it cannot be removed or replaced. Also, there is no + * interface to get the installed stats from the zone; the caller must keep the + * stats to reference (e.g. dump) it later. + * + * Requires: + *\li mgr is a valid dispatchmgr with no managed dispatch. + *\li stats is a valid statistics supporting resolver statistics counters + * (see dns/stats.h). + */ + isc_result_t dns_dispatch_getudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, isc_taskmgr_t *taskmgr, isc_sockaddr_t *localaddr, diff --git a/contrib/bind9/lib/dns/include/dns/dlz.h b/contrib/bind9/lib/dns/include/dns/dlz.h index 4c61c91..75ba99f 100644 --- a/contrib/bind9/lib/dns/include/dns/dlz.h +++ b/contrib/bind9/lib/dns/include/dns/dlz.h 
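Review bot: The doc comment added for `dns_dispatchmgr_setstats()` in dns/dispatch.h still describes a zone: it says the function is called "only on zone creation" and that there is no interface to get the stats "from the zone", which looks copied from another header. It also does not say whether the manager takes its own reference on `stats`; because the counter "cannot be removed or replaced", the caller needs to know how long the object must stay alive. I would reword to `expected to be called only when the dispatch manager is created` and `no interface to get the installed stats from the dispatchmgr`, and add a line on reference ownership once confirmed against the implementation.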
@@ -1,8 +1,8 @@ /* - * Portions Copyright (C) 2005 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2005-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -50,9 +50,9 @@ * USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dlz.h,v 1.2.2.2 2005/09/06 03:47:18 marka Exp $ */ +/* $Id: dlz.h,v 1.7.332.2 2009/01/18 23:47:41 tbox Exp $ */ -/*! \file */ +/*! \file dns/dlz.h */ #ifndef DLZ_H #define DLZ_H 1 @@ -133,7 +133,7 @@ typedef void /*%< * Method prototype. Drivers implementing the DLZ interface MUST * supply a destroy method. This method is called when the DNS server - * is shuting down and no longer needs the driver. + * is shutting down and no longer needs the driver. */ typedef isc_result_t @@ -157,7 +157,7 @@ typedef isc_result_t * \li 3) we run out of domain name labels. I.E. we have tried the * shortest domain name * \li 4) the number of labels in the domain name is less than - * min_lables for dns_dlzfindzone + * min_labels for dns_dlzfindzone * * The driver's find zone method should return ISC_R_SUCCESS and a * database pointer to the name server if the zone is supported by the @@ -202,7 +202,7 @@ dns_dlzallowzonexfr(dns_view_t *view, dns_name_t *name, /*%< * This method is called when the DNS server is performing a zone - * transfer query. It will call the DLZ driver's allow zone tranfer + * transfer query. It will call the DLZ driver's allow zone transfer * method. */ 
@@ -223,7 +223,7 @@ void dns_dlzdestroy(dns_dlzdb_t **dbp); /*%< - * This method is called when the DNS server is shuting down and no + * This method is called when the DNS server is shutting down and no * longer needs the driver. If the DLZ driver supplies a destroy * methods, this function will call it. */ diff --git a/contrib/bind9/lib/dns/include/dns/dnssec.h b/contrib/bind9/lib/dns/include/dns/dnssec.h index 2804e03..f8a59d0 100644 --- a/contrib/bind9/lib/dns/include/dns/dnssec.h +++ b/contrib/bind9/lib/dns/include/dns/dnssec.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec.h,v 1.26.18.2 2005/04/29 00:16:12 marka Exp $ */ +/* $Id: dnssec.h,v 1.32 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_DNSSEC_H #define DNS_DNSSEC_H 1 -/*! \file */ +/*! \file dns/dnssec.h */ #include <isc/lang.h> #include <isc/stdtime.h> diff --git a/contrib/bind9/lib/dns/include/dns/ds.h b/contrib/bind9/lib/dns/include/dns/ds.h index 5e4cc40..b59fb83 100644 --- a/contrib/bind9/lib/dns/include/dns/ds.h +++ b/contrib/bind9/lib/dns/include/dns/ds.h 
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ds.h,v 1.3.20.5 2006/02/22 23:50:09 marka Exp $ */ +/* $Id: ds.h,v 1.10 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_DS_H #define DNS_DS_H 1 diff --git a/contrib/bind9/lib/dns/include/dns/events.h b/contrib/bind9/lib/dns/include/dns/events.h index d1ebef3..bb61b9d 100644 --- a/contrib/bind9/lib/dns/include/dns/events.h +++ b/contrib/bind9/lib/dns/include/dns/events.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,14 +15,14 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: events.h,v 1.42.18.3 2005/04/29 00:16:13 marka Exp $ */ +/* $Id: events.h,v 1.49.332.2 2009/05/07 23:47:12 tbox Exp $ */ #ifndef DNS_EVENTS_H #define DNS_EVENTS_H 1 #include <isc/eventclass.h> -/*! \file +/*! \file dns/events.h * \brief * Registry of DNS event numbers. */ 
@@ -68,6 +68,7 @@ #define DNS_EVENT_ACACHECONTROL (ISC_EVENTCLASS_DNS + 38) #define DNS_EVENT_ACACHECLEAN (ISC_EVENTCLASS_DNS + 39) #define DNS_EVENT_ACACHEOVERMEM (ISC_EVENTCLASS_DNS + 40) +#define DNS_EVENT_RBTPRUNE (ISC_EVENTCLASS_DNS + 41) #define DNS_EVENT_FIRSTEVENT (ISC_EVENTCLASS_DNS + 0) #define DNS_EVENT_LASTEVENT (ISC_EVENTCLASS_DNS + 65535) diff --git a/contrib/bind9/lib/dns/include/dns/fixedname.h b/contrib/bind9/lib/dns/include/dns/fixedname.h index 8380de6..5a2aaf3 100644 --- a/contrib/bind9/lib/dns/include/dns/fixedname.h +++ b/contrib/bind9/lib/dns/include/dns/fixedname.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: fixedname.h,v 1.13.18.2 2005/04/29 00:16:13 marka Exp $ */ +/* $Id: fixedname.h,v 1.19 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_FIXEDNAME_H #define DNS_FIXEDNAME_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/fixedname.h * \brief * Fixed-size Names * diff --git a/contrib/bind9/lib/dns/include/dns/forward.h b/contrib/bind9/lib/dns/include/dns/forward.h index ddf6d7f..512c5e3 100644 --- a/contrib/bind9/lib/dns/include/dns/forward.h +++ b/contrib/bind9/lib/dns/include/dns/forward.h 
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: forward.h,v 1.3.18.3 2005/04/27 05:01:33 sra Exp $ */ +/* $Id: forward.h,v 1.11 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_FORWARD_H #define DNS_FORWARD_H 1 -/*! \file */ +/*! \file dns/forward.h */ #include <isc/lang.h> #include <isc/result.h> diff --git a/contrib/bind9/lib/dns/include/dns/iptable.h b/contrib/bind9/lib/dns/include/dns/iptable.h new file mode 100644 index 0000000..d7eb140 --- /dev/null +++ b/contrib/bind9/lib/dns/include/dns/iptable.h 
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2007 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: iptable.h,v 1.4 2007/09/14 01:46:05 marka Exp $ */
+
+#ifndef DNS_IPTABLE_H
+#define DNS_IPTABLE_H 1
+
+#include <isc/lang.h>
+#include <isc/magic.h>
+#include <isc/radix.h>
+
+struct dns_iptable {
+ unsigned int magic;
+ isc_mem_t *mctx;
+ isc_refcount_t refcount;
+ isc_radix_tree_t *radix;
+ ISC_LINK(dns_iptable_t) nextincache;
+};
+
+#define DNS_IPTABLE_MAGIC ISC_MAGIC('T','a','b','l')
+#define DNS_IPTABLE_VALID(a) ISC_MAGIC_VALID(a, DNS_IPTABLE_MAGIC)
+
+/***
+ *** Functions
+ ***/
+
+ISC_LANG_BEGINDECLS
+
+isc_result_t
+dns_iptable_create(isc_mem_t *mctx, dns_iptable_t **target);
+/*
+ * Create a new IP table and the underlying radix structure
+ */
+
+isc_result_t
+dns_iptable_addprefix(dns_iptable_t *tab, isc_netaddr_t *addr,
+ isc_uint16_t bitlen, isc_boolean_t pos);
+/*
+ * Add an IP prefix to an existing IP table
+ */
+
+isc_result_t
+dns_iptable_merge(dns_iptable_t *tab, dns_iptable_t *source, isc_boolean_t pos);
+/*
+ * Merge one IP table into another one.
+ */
+
+void
+dns_iptable_attach(dns_iptable_t *source, dns_iptable_t **target);
+
+void
+dns_iptable_detach(dns_iptable_t **tabp);
+
+ISC_LANG_ENDDECLS
+
+#endif /* DNS_IPTABLE_H */
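Review bot: The new dns/iptable.h declares functions whose arguments decide how address prefixes match, yet none of them carries the Requires/Returns contract that the other headers in this directory use. `pos` in `dns_iptable_addprefix()` and `dns_iptable_merge()` is unexplained (presumably positive versus negative match), `bitlen` has no stated upper bound for the address family of `addr`, and `dns_iptable_attach()` / `dns_iptable_detach()` have no comment at all. I would add `/*%<` blocks stating the meaning of `pos`, a requirement such as `'bitlen' does not exceed the width of 'addr'`, and the reference-count effect of attach and detach. The header also uses `dns_iptable_t`, `isc_refcount_t` and `isc_netaddr_t` while including only three isc headers, so `#include <dns/types.h>` may be needed unless isc/radix.h already brings those in.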
diff --git a/contrib/bind9/lib/dns/include/dns/journal.h b/contrib/bind9/lib/dns/include/dns/journal.h index b776a30..3917d8d 100644 --- a/contrib/bind9/lib/dns/include/dns/journal.h +++ b/contrib/bind9/lib/dns/include/dns/journal.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: journal.h,v 1.25.18.2 2005/04/29 00:16:13 marka Exp $ */ +/* $Id: journal.h,v 1.33.120.2 2009/01/18 23:47:41 tbox Exp $ */ #ifndef DNS_JOURNAL_H #define DNS_JOURNAL_H 1 @@ -24,9 +24,9 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/journal.h * \brief - * Database journalling. + * Database journaling. */ /*** @@ -42,6 +42,11 @@ #include <dns/types.h> /*** + *** Defines. + ***/ +#define DNS_JOURNALOPT_RESIGN 0x00000001 + +/*** *** Types ***/ @@ -188,7 +193,7 @@ dns_journal_iter_init(dns_journal_t *j, * Returns: *\li ISC_R_SUCCESS *\li ISC_R_RANGE begin_serial is outside the addressable range. - *\li ISC_R_NOTFOUND begin_serial is within the range of adressable + *\li ISC_R_NOTFOUND begin_serial is within the range of addressable * serial numbers covered by the journal, but * this particular serial number does not exist. */ 
@@ -225,17 +230,18 @@ dns_journal_current_rr(dns_journal_t *j, dns_name_t **name, isc_uint32_t *ttl, */ isc_result_t -dns_journal_rollforward(isc_mem_t *mctx, dns_db_t *db, const char *filename); +dns_journal_rollforward(isc_mem_t *mctx, dns_db_t *db, unsigned int options, + const char *filename); /*%< * Roll forward (play back) the journal file "filename" into the * database "db". This should be called when the server starts * after a shutdown or crash. * * Requires: - *\li 'mctx' is a valid memory context. + *\li 'mctx' is a valid memory context. *\li 'db' is a valid database which does not have a version * open for writing. - * \li 'filename' is the name of the journal file belonging to 'db'. + *\li 'filename' is the name of the journal file belonging to 'db'. * * Returns: *\li DNS_R_NOJOURNAL when journal does not exist. @@ -264,7 +270,7 @@ dns_db_diff(isc_mem_t *mctx, isc_result_t dns_journal_compact(isc_mem_t *mctx, char *filename, isc_uint32_t serial, - isc_uint32_t target_size); + isc_uint32_t target_size); /*%< * Attempt to compact the journal if it is greater that 'target_size'. * Changes from 'serial' onwards will be preserved. If the journal diff --git a/contrib/bind9/lib/dns/include/dns/keyflags.h b/contrib/bind9/lib/dns/include/dns/keyflags.h index 665b517..74a1740 100644 --- a/contrib/bind9/lib/dns/include/dns/keyflags.h +++ b/contrib/bind9/lib/dns/include/dns/keyflags.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * 
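Review bot: `dns_journal_rollforward()` in dns/journal.h gains an `unsigned int options` parameter in the middle of its argument list, but the Requires list below it was only re-indented and says nothing about the new argument. The accepted values are presumably the `DNS_JOURNALOPT_*` bits this commit defines in the same header; that should be stated, e.g. `*\li 'options' is zero or DNS_JOURNALOPT_RESIGN.`. Changing the signature in place also breaks any out-of-tree caller at compile time, whereas dns/master.h in this same commit adds `dns_master_loadfile3()` beside the old entry points; following that pattern here would be more consistent.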
@@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: keyflags.h,v 1.10.18.2 2005/04/29 00:16:13 marka Exp $ */ +/* $Id: keyflags.h,v 1.16 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_KEYFLAGS_H #define DNS_KEYFLAGS_H 1 -/*! \file */ +/*! \file dns/keyflags.h */ #include <isc/lang.h> diff --git a/contrib/bind9/lib/dns/include/dns/keytable.h b/contrib/bind9/lib/dns/include/dns/keytable.h index b8bfcc1..553aa99 100644 --- a/contrib/bind9/lib/dns/include/dns/keytable.h +++ b/contrib/bind9/lib/dns/include/dns/keytable.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: keytable.h,v 1.11.18.3 2005/12/05 00:00:03 marka Exp $ */ +/* $Id: keytable.h,v 1.16 2007/06/19 23:47:16 tbox Exp $ */ #ifndef DNS_KEYTABLE_H #define DNS_KEYTABLE_H 1 diff --git a/contrib/bind9/lib/dns/include/dns/keyvalues.h b/contrib/bind9/lib/dns/include/dns/keyvalues.h index df17ace..7040389 100644 --- a/contrib/bind9/lib/dns/include/dns/keyvalues.h +++ b/contrib/bind9/lib/dns/include/dns/keyvalues.h 
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: keyvalues.h,v 1.15.18.2 2005/04/29 00:16:14 marka Exp $ */ +/* $Id: keyvalues.h,v 1.23 2008/09/25 04:02:39 tbox Exp $ */ #ifndef DNS_KEYVALUES_H #define DNS_KEYVALUES_H 1 -/*! \file */ +/*! \file dns/keyvalues.h */ /* * Flags field of the KEY RR rdata @@ -64,9 +64,11 @@ #define DNS_KEYALG_RSA DNS_KEYALG_RSAMD5 #define DNS_KEYALG_DH 2 /*%< Diffie Hellman KEY */ #define DNS_KEYALG_DSA 3 /*%< DSA KEY */ -#define DNS_KEYALG_DSS NS_ALG_DSA +#define DNS_KEYALG_NSEC3DSA 6 +#define DNS_KEYALG_DSS DNS_ALG_DSA #define DNS_KEYALG_ECC 4 #define DNS_KEYALG_RSASHA1 5 +#define DNS_KEYALG_NSEC3RSASHA1 7 #define DNS_KEYALG_INDIRECT 252 #define DNS_KEYALG_PRIVATEDNS 253 #define DNS_KEYALG_PRIVATEOID 254 /*%< Key begins with OID giving alg */ diff --git a/contrib/bind9/lib/dns/include/dns/lib.h b/contrib/bind9/lib/dns/include/dns/lib.h index d59dde3..fd3325b 100644 --- a/contrib/bind9/lib/dns/include/dns/lib.h +++ b/contrib/bind9/lib/dns/include/dns/lib.h 
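Review bot: In the algorithm list of dns/keyvalues.h the alias now reads `#define DNS_KEYALG_DSS DNS_ALG_DSA`, and no `DNS_ALG_DSA` is defined in the visible part of the header; every sibling is named `DNS_KEYALG_*`. If that macro does not exist elsewhere, any use of `DNS_KEYALG_DSS` fails to compile, just as it would have with the old `NS_ALG_DSA`. The intended line is probably `#define DNS_KEYALG_DSS DNS_KEYALG_DSA`. The two new values `DNS_KEYALG_NSEC3DSA` and `DNS_KEYALG_NSEC3RSASHA1` also lack the `/*%< ... */` description the neighbouring entries have.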
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lib.h,v 1.8.18.4 2005/09/20 04:33:48 marka Exp $ */ +/* $Id: lib.h,v 1.16 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_LIB_H #define DNS_LIB_H 1 -/*! \file */ +/*! \file dns/lib.h */ #include <isc/types.h> #include <isc/lang.h> diff --git a/contrib/bind9/lib/dns/include/dns/log.h b/contrib/bind9/lib/dns/include/dns/log.h index 7bee174..b7aed42 100644 --- a/contrib/bind9/lib/dns/include/dns/log.h +++ b/contrib/bind9/lib/dns/include/dns/log.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: log.h,v 1.33.18.4 2005/09/05 00:18:27 marka Exp $ */ +/* $Id: log.h,v 1.42.332.2 2009/01/18 23:47:41 tbox Exp $ */ -/*! \file +/*! \file dns/log.h * \author Principal Authors: DCL */ #ifndef DNS_LOG_H 
@@ -41,6 +41,7 @@ LIBDNS_EXTERNAL_DATA extern isc_logmodule_t dns_modules[]; #define DNS_LOGCATEGORY_DISPATCH (&dns_categories[8]) #define DNS_LOGCATEGORY_LAME_SERVERS (&dns_categories[9]) #define DNS_LOGCATEGORY_DELEGATION_ONLY (&dns_categories[10]) +#define DNS_LOGCATEGORY_EDNS_DISABLED (&dns_categories[11]) /* Backwards compatibility. */ #define DNS_LOGCATEGORY_GENERAL ISC_LOGCATEGORY_GENERAL @@ -87,7 +88,7 @@ dns_log_init(isc_log_t *lctx); *\li dns_log_init() is called only once. * * Ensures: - * \li The catgories and modules defined above are available for + * \li The categories and modules defined above are available for * use by isc_log_usechannnel() and isc_log_write(). */ diff --git a/contrib/bind9/lib/dns/include/dns/lookup.h b/contrib/bind9/lib/dns/include/dns/lookup.h index aea6f84..0e9a327 100644 --- a/contrib/bind9/lib/dns/include/dns/lookup.h +++ b/contrib/bind9/lib/dns/include/dns/lookup.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lookup.h,v 1.6.18.2 2005/04/29 00:16:15 marka Exp $ */ +/* $Id: lookup.h,v 1.12.332.2 2009/01/18 23:47:41 tbox Exp $ */ #ifndef DNS_LOOKUP_H #define DNS_LOOKUP_H 1 
@@ -24,11 +24,11 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/lookup.h * \brief * The lookup module performs simple DNS lookups. It implements - * the full resolver algorithm, both looking for local data and - * resoving external names as necessary. + * the full resolver algorithm, both looking for local data and + * resolving external names as necessary. * * MP: *\li The module ensures appropriate synchronization of data structures it diff --git a/contrib/bind9/lib/dns/include/dns/master.h b/contrib/bind9/lib/dns/include/dns/master.h index 1f94c8c..93a782d 100644 --- a/contrib/bind9/lib/dns/include/dns/master.h +++ b/contrib/bind9/lib/dns/include/dns/master.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: master.h,v 1.38.18.6 2005/06/20 01:19:43 marka Exp $ */ +/* $Id: master.h,v 1.51 2008/04/02 02:37:42 marka Exp $ */ #ifndef DNS_MASTER_H #define DNS_MASTER_H 1 -/*! \file */ +/*! \file dns/master.h */ /*** *** Imports @@ -42,7 +42,7 @@ #define DNS_MASTER_HINT 0x00000010 /*%< Loading a hint master file. */ #define DNS_MASTER_SLAVE 0x00000020 /*%< Loading a slave master file. */ #define DNS_MASTER_CHECKNS 0x00000040 /*%< - * Check NS records to see + * Check NS records to see * if they are an address */ #define DNS_MASTER_FATALNS 0x00000080 /*%< @@ -55,6 +55,8 @@ #define DNS_MASTER_CHECKMX 0x00000800 #define DNS_MASTER_CHECKMXFAIL 0x00001000 +#define DNS_MASTER_RESIGN 0x00002000 + ISC_LANG_BEGINDECLS /* 
@@ -113,6 +115,17 @@ dns_master_loadfile2(const char *master_file, dns_masterformat_t format); isc_result_t +dns_master_loadfile3(const char *master_file, + dns_name_t *top, + dns_name_t *origin, + dns_rdataclass_t zclass, + unsigned int options, + isc_uint32_t resign, + dns_rdatacallbacks_t *callbacks, + isc_mem_t *mctx, + dns_masterformat_t format); + +isc_result_t dns_master_loadstream(FILE *stream, dns_name_t *top, dns_name_t *origin, @@ -163,6 +176,19 @@ dns_master_loadfileinc2(const char *master_file, dns_masterformat_t format); isc_result_t +dns_master_loadfileinc3(const char *master_file, + dns_name_t *top, + dns_name_t *origin, + dns_rdataclass_t zclass, + unsigned int options, + isc_uint32_t resign, + dns_rdatacallbacks_t *callbacks, + isc_task_t *task, + dns_loaddonefunc_t done, void *done_arg, + dns_loadctx_t **ctxp, isc_mem_t *mctx, + dns_masterformat_t format); + +isc_result_t dns_master_loadstreaminc(FILE *stream, dns_name_t *top, dns_name_t *origin, @@ -212,6 +238,9 @@ dns_master_loadlexerinc(isc_lex_t *lex, * is completed or has failed. If the initial setup fails 'done' is * not called. * + * 'resign' the number of seconds before a RRSIG expires that it should + * be re-signed. 0 is used if not provided. + * * Requires: *\li 'master_file' points to a valid string. *\li 'lexer' points to a valid lexer. diff --git a/contrib/bind9/lib/dns/include/dns/masterdump.h b/contrib/bind9/lib/dns/include/dns/masterdump.h index 8cf5c13..42521b3 100644 --- a/contrib/bind9/lib/dns/include/dns/masterdump.h +++ b/contrib/bind9/lib/dns/include/dns/masterdump.h 
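Review bot: The text added for `resign` in dns/master.h ("0 is used if not provided") does not say how the argument of `dns_master_loadfile3()` and `dns_master_loadfileinc3()` relates to the `DNS_MASTER_RESIGN` option bit that this commit adds to the same header. A reader cannot tell whether `resign` is ignored when the bit is clear or whether a non-zero value alone enables re-sign handling. I would extend the sentence, e.g. `'resign' is only used when DNS_MASTER_RESIGN is set in 'options'`, after confirming it against the implementation. The comment block continues outside this hunk.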
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.h,v 1.31.14.4 2005/09/01 03:04:28 marka Exp $ */ +/* $Id: masterdump.h,v 1.42 2008/09/24 02:46:23 marka Exp $ */ #ifndef DNS_MASTERDUMP_H #define DNS_MASTERDUMP_H 1 -/*! \file */ +/*! \file dns/masterdump.h */ /*** *** Imports @@ -91,11 +91,14 @@ typedef struct dns_master_style dns_master_style_t; /*% Print negative caching entries. */ #define DNS_STYLEFLAG_NCACHE 0x00800000U -/*% Never print the TTL */ +/*% Never print the TTL. */ #define DNS_STYLEFLAG_NO_TTL 0x01000000U - -/*% Never print the CLASS */ -#define DNS_STYLEFLAG_NO_CLASS 0x02000000U + +/*% Never print the CLASS. */ +#define DNS_STYLEFLAG_NO_CLASS 0x02000000U + +/*% Report re-signing time. */ +#define DNS_STYLEFLAG_RESIGN 0x04000000U ISC_LANG_BEGINDECLS @@ -119,8 +122,8 @@ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_default; LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_full; /*% - * A master file style that prints explicit TTL values on each - * record line, never using $TTL statements. The TTL has a tab + * A master file style that prints explicit TTL values on each + * record line, never using $TTL statements. The TTL has a tab * stop of its own, but the class and type share one. */ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t 
@@ -133,9 +136,9 @@ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_cache; /*% - * A master style that prints name, ttl, class, type, and value on - * every line. Similar to explicitttl above, but more verbose. - * Intended for generating master files which can be easily parsed + * A master style that prints name, ttl, class, type, and value on + * every line. Similar to explicitttl above, but more verbose. + * Intended for generating master files which can be easily parsed * by perl scripts and similar applications. */ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_simple; @@ -231,7 +234,7 @@ dns_master_dumptostream2(isc_mem_t *mctx, dns_db_t *db, *\li 'task' to be valid. *\li 'done' to be non NULL. *\li 'dctxp' to be non NULL && '*dctxp' to be NULL. - * + * * Returns: *\li ISC_R_SUCCESS *\li ISC_R_CONTINUE dns_master_dumptostreaminc() only. @@ -329,6 +332,9 @@ dns_master_stylecreate(dns_master_style_t **style, unsigned int flags, void dns_master_styledestroy(dns_master_style_t **style, isc_mem_t *mctx); +const char * +dns_trust_totext(dns_trust_t trust); + ISC_LANG_ENDDECLS #endif /* DNS_MASTERDUMP_H */ diff --git a/contrib/bind9/lib/dns/include/dns/message.h b/contrib/bind9/lib/dns/include/dns/message.h index 9002b83..f880095 100644 --- a/contrib/bind9/lib/dns/include/dns/message.h +++ b/contrib/bind9/lib/dns/include/dns/message.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * 
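Review bot: `dns_trust_totext()` is added to dns/masterdump.h without any doc comment, unlike the functions around it. A `const char *` return leaves open whether the string is static storage and what comes back for a `dns_trust_t` value outside the known set (NULL, or a fallback string). Callers that print it in dump or log paths need that to avoid handing NULL to a `%s` conversion. I would add a `/*%<` block giving the return for unknown values and stating that the caller must not free the result, once checked against the implementation.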
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: message.h,v 1.114.18.6 2006/03/02 23:19:20 marka Exp $ */ +/* $Id: message.h,v 1.125.118.2 2009/01/18 23:47:41 tbox Exp $ */ #ifndef DNS_MESSAGE_H #define DNS_MESSAGE_H 1 @@ -33,7 +33,7 @@ #include <dst/dst.h> -/*! \file +/*! \file dns/message.h * \brief Message Handling Module * * How this beast works: @@ -101,8 +101,12 @@ #define DNS_MESSAGEFLAG_AD 0x0020U #define DNS_MESSAGEFLAG_CD 0x0010U +/*%< EDNS0 extended message flags */ #define DNS_MESSAGEEXTFLAG_DO 0x8000U +/*%< EDNS0 extended OPT codes */ +#define DNS_OPT_NSID 0x0003 /*%< NSID opt code */ + #define DNS_MESSAGE_REPLYPRESERVE (DNS_MESSAGEFLAG_RD|DNS_MESSAGEFLAG_CD) #define DNS_MESSAGEEXTFLAG_REPLYPRESERVE (DNS_MESSAGEEXTFLAG_DO) @@ -157,7 +161,7 @@ typedef int dns_messagetextflag_t; occurs */ #define DNS_MESSAGEPARSE_CLONEBUFFER 0x0004 /*%< save a copy of the source buffer */ -#define DNS_MESSAGEPARSE_IGNORETRUNCATION 0x0008 /*%< trucation errors are +#define DNS_MESSAGEPARSE_IGNORETRUNCATION 0x0008 /*%< truncation errors are * not fatal. */ /* @@ -771,7 +775,7 @@ dns_message_addname(dns_message_t *msg, dns_name_t *name, void dns_message_removename(dns_message_t *msg, dns_name_t *name, - dns_section_t section); + dns_section_t section); /*%< * Remove a existing name from a given section. * @@ -1031,7 +1035,7 @@ dns_message_setopt(dns_message_t *msg, dns_rdataset_t *opt); *\li The OPT record has either been freed or ownership of it has * been transferred to the message. * - *\li If ISC_R_SUCCESS was returned, the OPT record will be rendered + *\li If ISC_R_SUCCESS was returned, the OPT record will be rendered * when dns_message_renderend() is called. * * Returns: 
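Review bot: In the dns/message.h hunk `@@ -101,8 +101,12 @@`, the two new section comments use the trailing-member marker `/*%<`, which Doxygen attaches to the item before the comment. As written, "EDNS0 extended message flags" would be attached to `DNS_MESSAGEFLAG_CD` rather than to `DNS_MESSAGEEXTFLAG_DO`. Use the leading form, e.g. `/*% EDNS0 extended message flags */` and `/*% EDNS0 extended OPT codes */`, and keep `/*%<` only for the end-of-line comment on `DNS_OPT_NSID`. As a style point, `DNS_OPT_NSID 0x0003` lacks the `U` suffix that the neighbouring constants carry, so `0x0003U` would keep comparisons against unsigned option codes free of signed/unsigned conversions.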
@@ -1195,7 +1199,7 @@ dns_message_takebuffer(dns_message_t *msg, isc_buffer_t **buffer); *\li msg be a valid message. * *\li buffer != NULL && *buffer is a valid isc_buffer_t, which was - * dynamincally allocated via isc_buffer_allocate(). + * dynamically allocated via isc_buffer_allocate(). */ isc_result_t @@ -1315,7 +1319,7 @@ dns_message_setsortorder(dns_message_t *msg, dns_rdatasetorderfunc_t order, *\li order_arg is NULL if and only if order is NULL. */ -void +void dns_message_settimeadjust(dns_message_t *msg, int timeadjust); /*%< * Adjust the time used to sign/verify a message by timeadjust. @@ -1325,7 +1329,7 @@ dns_message_settimeadjust(dns_message_t *msg, int timeadjust); *\li msg be a valid message. */ -int +int dns_message_gettimeadjust(dns_message_t *msg); /*%< * Return the current time adjustment. diff --git a/contrib/bind9/lib/dns/include/dns/name.h b/contrib/bind9/lib/dns/include/dns/name.h index 038ae05..0149301 100644 --- a/contrib/bind9/lib/dns/include/dns/name.h +++ b/contrib/bind9/lib/dns/include/dns/name.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: name.h,v 1.107.18.15 2006/03/02 00:37:21 marka Exp $ */ +/* $Id: name.h,v 1.126.332.2 2009/01/18 23:47:41 tbox Exp $ */ #ifndef DNS_NAME_H #define DNS_NAME_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/name.h * \brief * Provides facilities for manipulating DNS names and labels, including * conversions to and from wire format and text format. 
@@ -131,6 +131,7 @@ struct dns_name { #define DNS_NAMEATTR_READONLY 0x0002 #define DNS_NAMEATTR_DYNAMIC 0x0004 #define DNS_NAMEATTR_DYNOFFSETS 0x0008 +#define DNS_NAMEATTR_NOCOMPRESS 0x0010 /* * Attributes below 0x0100 reserved for name.c usage. */ @@ -242,7 +243,7 @@ dns_name_setbuffer(dns_name_t *name, isc_buffer_t *buffer); * * Notes: * \li Specification of a target buffer in dns_name_fromwire(), - * dns_name_fromtext(), and dns_name_concatentate() is optional if + * dns_name_fromtext(), and dns_name_concatenate() is optional if * 'name' has a dedicated buffer. * * \li The caller must not write to buffer until the name has been @@ -721,7 +722,7 @@ dns_name_fromwire(dns_name_t *name, isc_buffer_t *source, isc_result_t dns_name_towire(const dns_name_t *name, dns_compress_t *cctx, - isc_buffer_t *target); + isc_buffer_t *target); /*%< * Convert 'name' into wire format, compressing it as specified by the * compression context 'cctx', and storing the result in 'target'. @@ -840,7 +841,7 @@ dns_name_totext(dns_name_t *name, isc_boolean_t omit_final_dot, * name as generated by dns_name_totext(). This does not * include space for a terminating NULL. * - * This definition is conservative - the actual maximum + * This definition is conservative - the actual maximum * is 1004, derived as follows: * * A backslash-decimal escaped character takes 4 bytes. @@ -952,7 +953,7 @@ dns_name_split(dns_name_t *name, unsigned int suffixlabels, * * Notes: * \li 'name' is split such that 'suffix' holds the most significant - * 'suffixlabels' labels. All other labels are stored in 'prefix'. + * 'suffixlabels' labels. All other labels are stored in 'prefix'. * *\li Copying name data is avoided as much as possible, so 'prefix' * and 'suffix' will end up pointing at the data for 'name'. 
@@ -1082,7 +1083,7 @@ dns_name_dynamic(dns_name_t *name); * * Returns: * - *\li 'ISC_TRUE' if the name is dynamic othewise 'ISC_FALSE'. + *\li 'ISC_TRUE' if the name is dynamic otherwise 'ISC_FALSE'. */ isc_result_t @@ -1185,7 +1186,7 @@ dns_name_ishostname(const dns_name_t *name, isc_boolean_t wildcard); * Requires: * 'name' to be valid. */ - + isc_boolean_t dns_name_ismailbox(const dns_name_t *name); @@ -1220,7 +1221,7 @@ dns_name_destroy(void); ISC_LANG_ENDDECLS /* - *** High Peformance Macros + *** High Performance Macros ***/ /* diff --git a/contrib/bind9/lib/dns/include/dns/ncache.h b/contrib/bind9/lib/dns/include/dns/ncache.h index 459effb..a818fe6 100644 --- a/contrib/bind9/lib/dns/include/dns/ncache.h +++ b/contrib/bind9/lib/dns/include/dns/ncache.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.h,v 1.17.18.2 2005/04/29 00:16:16 marka Exp $ */ +/* $Id: ncache.h,v 1.25 2008/09/25 04:02:39 tbox Exp $ */ #ifndef DNS_NCACHE_H #define DNS_NCACHE_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/ncache.h *\brief * DNS Ncache * 
@@ -63,6 +63,11 @@ isc_result_t dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, dns_rdatatype_t covers, isc_stdtime_t now, dns_ttl_t maxttl, dns_rdataset_t *addedrdataset); +isc_result_t +dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache, + dns_dbnode_t *node, dns_rdatatype_t covers, + isc_stdtime_t now, dns_ttl_t maxttl, + isc_boolean_t optout, dns_rdataset_t *addedrdataset); /*%< * Convert the authority data from 'message' into a negative cache * rdataset, and store it in 'cache' at 'node' with a TTL limited to @@ -71,6 +76,8 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, * The 'covers' argument is the RR type whose nonexistence we are caching, * or dns_rdatatype_any when caching a NXDOMAIN response. * + * 'optout' indicates a DNS_RATASETATTR_OPTOUT should be set. + * * Note: *\li If 'addedrdataset' is not NULL, then it will be attached to the added * rdataset. See dns_db_addrdataset() for more details. @@ -154,6 +161,19 @@ dns_ncache_getrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name, * */ +void +dns_ncache_current(dns_rdataset_t *ncacherdataset, dns_name_t *found, + dns_rdataset_t *rdataset); + +/*%< + * Extract the current rdataset and name from a ncache entry. + * + * Requires: + * \li 'ncacherdataset' to be valid and to be a negative cache entry + * \li 'found' to be valid. + * \li 'rdataset' to be unassociated. + */ + ISC_LANG_ENDDECLS #endif /* DNS_NCACHE_H */ diff --git a/contrib/bind9/lib/dns/include/dns/nsec.h b/contrib/bind9/lib/dns/include/dns/nsec.h index 46b75fa..335a463 100644 --- a/contrib/bind9/lib/dns/include/dns/nsec.h +++ b/contrib/bind9/lib/dns/include/dns/nsec.h 
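Review bot: The sentence added to the dns/ncache.h description in hunk `@@ -71,6 +76,8 @@` names the attribute as `DNS_RATASETATTR_OPTOUT`, which looks like a misspelling of `DNS_RDATASETATTR_OPTOUT`; a reader searching for the documented name will find nothing. The line should read `* 'optout' indicates a DNS_RDATASETATTR_OPTOUT should be set.` Because hunk `@@ -63,6 +63,11 @@` inserts `dns_ncache_addoptout()` between `dns_ncache_add()` and the `/*%<` block, that block now documents only the new function and `dns_ncache_add()` is left without a description. Add one line saying how the two relate, for example `* dns_ncache_add() is dns_ncache_addoptout() with 'optout' set to ISC_FALSE.`, if that is what the implementation does.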
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsec.h,v 1.4.20.2 2005/04/29 00:16:16 marka Exp $ */ +/* $Id: nsec.h,v 1.12 2008/09/25 04:02:39 tbox Exp $ */ #ifndef DNS_NSEC_H #define DNS_NSEC_H 1 -/*! \file */ +/*! \file dns/nsec.h */ #include <isc/lang.h> @@ -64,6 +64,17 @@ dns_nsec_typepresent(dns_rdata_t *nsec, dns_rdatatype_t type); *\li 'nsec' points to a valid rdataset of type NSEC */ +isc_result_t +dns_nsec_nseconly(dns_db_t *db, dns_dbversion_t *version, + isc_boolean_t *answer); +/* + * Report whether the DNSKEY RRset has a NSEC only algorithm. Unknown + * algorithms are assumed to support NSEC3. + * + * Requires: + * 'answer' to be non NULL. + */ + ISC_LANG_ENDDECLS #endif /* DNS_NSEC_H */ diff --git a/contrib/bind9/lib/dns/include/dns/nsec3.h b/contrib/bind9/lib/dns/include/dns/nsec3.h new file mode 100644 index 0000000..2d6a8dd --- /dev/null +++ b/contrib/bind9/lib/dns/include/dns/nsec3.h 
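Review bot: The description under `dns_nsec_nseconly()` (dns/nsec.h, hunk `@@ -64,6 +64,17 @@`) opens with a plain `/*`, whereas the context lines above it use Doxygen `\li` markup, so this block will probably not appear in the generated documentation; open it with `/*%<`. The `Requires:` list names only 'answer', and the block has no `Returns:` section. If the function has the same contract as the dns/nsec3.h functions added in this commit, add `*\li 'db' to be valid.` and `*\li 'version' to be valid or NULL.`, and state which result codes can come back and whether `*answer` is written on failure. The note that unknown algorithms are assumed to support NSEC3 is a permissive default, so callers deciding on a chain type should see it in the rendered documentation.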
@@ -0,0 +1,194 @@ +/* + * Copyright (C) 2008, 2009 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: nsec3.h,v 1.5.48.2 2009/01/18 23:47:41 tbox Exp $ */ + +#ifndef DNS_NSEC3_H +#define DNS_NSEC3_H 1 + +#include <isc/lang.h> +#include <isc/iterated_hash.h> + +#include <dns/db.h> +#include <dns/diff.h> +#include <dns/name.h> +#include <dns/rdatastruct.h> +#include <dns/types.h> + +/* + * hash = 1, flags =1, iterations = 2, salt length = 1, salt = 255 (max) + * hash length = 1, hash = 255 (max), bitmap = 8192 + 512 (max) + */ +#define DNS_NSEC3_BUFFERSIZE (6 + 255 + 255 + 8192 + 512) +/* + * hash = 1, flags = 1, iterations = 2, salt length = 1, salt = 255 (max) + */ +#define DNS_NSEC3PARAM_BUFFERSIZE (5 + 255) + +/* + * Test "unknown" algorithm. Is mapped to dns_hash_sha1. + */ +#define DNS_NSEC3_UNKNOWNALG 245U + +ISC_LANG_BEGINDECLS + +isc_result_t +dns_nsec3_buildrdata(dns_db_t *db, dns_dbversion_t *version, + dns_dbnode_t *node, unsigned int hashalg, + unsigned int optin, unsigned int iterations, + const unsigned char *salt, size_t salt_length, + const unsigned char *nexthash, size_t hash_length, + unsigned char *buffer, dns_rdata_t *rdata); +/*%< + * Build the rdata of a NSEC3 record for the data at 'node'. 
+ * Note: 'node' is not the node where the NSEC3 record will be stored. + * + * Requires: + * buffer Points to a temporary buffer of at least + * DNS_NSEC_BUFFERSIZE bytes. + * rdata Points to an initialized dns_rdata_t. + * + * Ensures: + * *rdata Contains a valid NSEC3 rdata. The 'data' member refers + * to 'buffer'. + */ + +isc_boolean_t +dns_nsec3_typepresent(dns_rdata_t *nsec, dns_rdatatype_t type); +/*%< + * Determine if a type is marked as present in an NSEC3 record. + * + * Requires: + * 'nsec' points to a valid rdataset of type NSEC3 + */ + +isc_result_t +dns_nsec3_hashname(dns_fixedname_t *result, + unsigned char rethash[NSEC3_MAX_HASH_LENGTH], + size_t *hash_length, dns_name_t *name, dns_name_t *origin, + dns_hash_t hashalg, unsigned int iterations, + const unsigned char *salt, size_t saltlength); +/*%< + * Make a hashed domain name from an unhashed one. If rethash is not NULL + * the raw hash is stored there. + */ + +unsigned int +dns_nsec3_hashlength(dns_hash_t hash); +/*%< + * Return the length of the hash produced by the specified algorithm + * or zero when unknown. + */ + +isc_boolean_t +dns_nsec3_supportedhash(dns_hash_t hash); +/*%< + * Return whether we support this hash algorithm or not. + */ + +isc_result_t +dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version, + dns_name_t *name, const dns_rdata_nsec3param_t *nsec3param, + dns_ttl_t nsecttl, isc_boolean_t unsecure, dns_diff_t *diff); + +isc_result_t +dns_nsec3_addnsec3s(dns_db_t *db, dns_dbversion_t *version, + dns_name_t *name, dns_ttl_t nsecttl, + isc_boolean_t unsecure, dns_diff_t *diff); +/*%< + * Add NSEC3 records for 'name', recording the change in 'diff'. + * Adjust previous NSEC3 records, if any, to reflect the addition. + * The existing NSEC3 records are removed. + * + * dns_nsec3_addnsec3() will only add records to the chain identified by + * 'nsec3param'. + * + * 'unsecure' should be set to reflect if this is a potentially + * unsecure delegation (no DS record). 
+ * + * dns_nsec3_addnsec3s() will examine the NSEC3PARAM RRset to determine which + * chains to be updated. NSEC3PARAM records with the DNS_NSEC3FLAG_CREATE + * will be preferentially chosen over NSEC3PARAM records without + * DNS_NSEC3FLAG_CREATE set. NSEC3PARAM records with DNS_NSEC3FLAG_REMOVE + * set will be ignored by dns_nsec3_addnsec3s(). If DNS_NSEC3FLAG_CREATE + * is set then the new NSEC3 will have OPTOUT set to match the that in the + * NSEC3PARAM record otherwise OPTOUT will be inherited from the previous + * record in the chain. + * + * Requires: + * 'db' to be valid. + * 'version' to be valid or NULL. + * 'name' to be valid. + * 'nsec3param' to be valid. + * 'diff' to be valid. + */ + +isc_result_t +dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name, + const dns_rdata_nsec3param_t *nsec3param, dns_diff_t *diff); + +isc_result_t +dns_nsec3_delnsec3s(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name, + dns_diff_t *diff); +/*%< + * Remove NSEC3 records for 'name', recording the change in 'diff'. + * Adjust previous NSEC3 records, if any, to reflect the removal. + * + * dns_nsec3_delnsec3() performs the above for the chain identified by + * 'nsec3param'. + * + * dns_nsec3_delnsec3s() examines the NSEC3PARAM RRset in a similar manner + * to dns_nsec3_addnsec3s(). Unlike dns_nsec3_addnsec3s() updated NSEC3 + * records have the OPTOUT flag preserved. + * + * Requires: + * 'db' to be valid. + * 'version' to be valid or NULL. + * 'name' to be valid. + * 'nsec3param' to be valid. + * 'diff' to be valid. + */ + +isc_result_t +dns_nsec3_active(dns_db_t *db, dns_dbversion_t *version, + isc_boolean_t complete, isc_boolean_t *answer); +/*%< + * Check if there are any complete/to be built NSEC3 chains. + * If 'complete' is ISC_TRUE only complete chains will be recognized. + * + * Requires: + * 'db' to be valid. + * 'version' to be valid or NULL. + * 'answer' to be non NULL. 
+ */ + +isc_result_t +dns_nsec3_maxiterations(dns_db_t *db, dns_dbversion_t *version, + isc_mem_t *mctx, unsigned int *iterationsp); +/*%< + * Find the maximum permissible number of iterations allowed based on + * the key strength. + * + * Requires: + * 'db' to be valid. + * 'version' to be valid or NULL. + * 'mctx' to be valid. + * 'iterationsp' to be non NULL. + */ + +ISC_LANG_ENDDECLS + +#endif /* DNS_NSEC3_H */ diff --git a/contrib/bind9/lib/dns/include/dns/opcode.h b/contrib/bind9/lib/dns/include/dns/opcode.h index 4796dba..368b2b2 100644 --- a/contrib/bind9/lib/dns/include/dns/opcode.h +++ b/contrib/bind9/lib/dns/include/dns/opcode.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: opcode.h,v 1.2.18.2 2005/04/29 00:16:16 marka Exp $ */ +/* $Id: opcode.h,v 1.8 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_OPCODE_H #define DNS_OPCODE_H 1 -/*! \file */ +/*! \file dns/opcode.h */ #include <isc/lang.h> diff --git a/contrib/bind9/lib/dns/include/dns/order.h b/contrib/bind9/lib/dns/include/dns/order.h index 6458db0..85663c3 100644 --- a/contrib/bind9/lib/dns/include/dns/order.h +++ b/contrib/bind9/lib/dns/include/dns/order.h 
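Review bot: In the new dns/nsec3.h, the `Requires:` text for `dns_nsec3_buildrdata()` says 'buffer' must hold at least `DNS_NSEC_BUFFERSIZE` bytes, but the constant this header defines for NSEC3 rdata is `DNS_NSEC3_BUFFERSIZE`. The function takes `unsigned char *buffer` with no length argument, so the documented size is the only bound a caller has. If the NSEC constant is the smaller of the two, a caller following the comment could hand over a buffer that the builder may write past. Change the line to `* buffer Points to a temporary buffer of at least DNS_NSEC3_BUFFERSIZE bytes.` Separately, the shared `Requires:` blocks under `dns_nsec3_addnsec3s()` and `dns_nsec3_delnsec3s()` list 'nsec3param', which only the non-plural variants accept; mark that item as applying to `dns_nsec3_addnsec3()` and `dns_nsec3_delnsec3()` only.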
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: order.h,v 1.3.18.2 2005/04/29 00:16:17 marka Exp $ */ +/* $Id: order.h,v 1.9 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_ORDER_H #define DNS_ORDER_H 1 -/*! \file */ +/*! \file dns/order.h */ #include <isc/lang.h> #include <isc/types.h> diff --git a/contrib/bind9/lib/dns/include/dns/peer.h b/contrib/bind9/lib/dns/include/dns/peer.h index be5a8c3..9e7a188 100644 --- a/contrib/bind9/lib/dns/include/dns/peer.h +++ b/contrib/bind9/lib/dns/include/dns/peer.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: peer.h,v 1.20.18.8 2006/02/28 03:10:48 marka Exp $ */ +/* $Id: peer.h,v 1.33.118.2 2009/01/18 23:47:41 tbox Exp $ */ #ifndef DNS_PEER_H #define DNS_PEER_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/peer.h * \brief * Data structures for peers (e.g. a 'server' config file statement) */ 
@@ -73,11 +73,12 @@ struct dns_peer { isc_boolean_t provide_ixfr; isc_boolean_t request_ixfr; isc_boolean_t support_edns; + isc_boolean_t request_nsid; dns_name_t *key; isc_sockaddr_t *transfer_source; - isc_sockaddr_t *notify_source; - isc_sockaddr_t *query_source; - isc_uint16_t udpsize; /* recieve size */ + isc_sockaddr_t *notify_source; + isc_sockaddr_t *query_source; + isc_uint16_t udpsize; /* receive size */ isc_uint16_t maxudp; /* transmit size */ isc_uint32_t bitflags; @@ -150,6 +151,12 @@ isc_result_t dns_peer_getprovideixfr(dns_peer_t *peer, isc_boolean_t *retval); isc_result_t +dns_peer_setrequestnsid(dns_peer_t *peer, isc_boolean_t newval); + +isc_result_t +dns_peer_getrequestnsid(dns_peer_t *peer, isc_boolean_t *retval); + +isc_result_t dns_peer_setsupportedns(dns_peer_t *peer, isc_boolean_t newval); isc_result_t diff --git a/contrib/bind9/lib/dns/include/dns/portlist.h b/contrib/bind9/lib/dns/include/dns/portlist.h index 2d400d4..f76731a 100644 --- a/contrib/bind9/lib/dns/include/dns/portlist.h +++ b/contrib/bind9/lib/dns/include/dns/portlist.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: portlist.h,v 1.3.18.2 2005/04/29 00:16:17 marka Exp $ */ +/* $Id: portlist.h,v 1.9 2007/06/19 23:47:17 tbox Exp $ */ -/*! \file */ +/*! \file dns/portlist.h */ #include <isc/lang.h> #include <isc/net.h> diff --git a/contrib/bind9/lib/dns/include/dns/rbt.h b/contrib/bind9/lib/dns/include/dns/rbt.h index a1edf0c..6eea787 100644 
--- a/contrib/bind9/lib/dns/include/dns/rbt.h +++ b/contrib/bind9/lib/dns/include/dns/rbt.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbt.h,v 1.59.18.5 2005/10/13 01:26:07 marka Exp $ */ +/* $Id: rbt.h,v 1.71.48.2 2009/01/18 23:47:41 tbox Exp $ */ #ifndef DNS_RBT_H #define DNS_RBT_H 1 -/*! \file */ +/*! \file dns/rbt.h */ #include <isc/lang.h> #include <isc/magic.h> @@ -37,10 +37,10 @@ ISC_LANG_BEGINDECLS * Option values for dns_rbt_findnode() and dns_rbt_findname(). * These are used to form a bitmask. */ -#define DNS_RBTFIND_NOOPTIONS 0x00 -#define DNS_RBTFIND_EMPTYDATA 0x01 -#define DNS_RBTFIND_NOEXACT 0x02 -#define DNS_RBTFIND_NOPREDECESSOR 0x04 +#define DNS_RBTFIND_NOOPTIONS 0x00 +#define DNS_RBTFIND_EMPTYDATA 0x01 +#define DNS_RBTFIND_NOEXACT 0x02 +#define DNS_RBTFIND_NOPREDECESSOR 0x04 /*@}*/ #ifndef DNS_RBT_USEISCREFCOUNT @@ -52,14 +52,14 @@ ISC_LANG_BEGINDECLS /* * These should add up to 30. */ -#define DNS_RBT_LOCKLENGTH 10 -#define DNS_RBT_REFLENGTH 20 +#define DNS_RBT_LOCKLENGTH 10 +#define DNS_RBT_REFLENGTH 20 -#define DNS_RBTNODE_MAGIC ISC_MAGIC('R','B','N','O') +#define DNS_RBTNODE_MAGIC ISC_MAGIC('R','B','N','O') #if DNS_RBT_USEMAGIC -#define DNS_RBTNODE_VALID(n) ISC_MAGIC_VALID(n, DNS_RBTNODE_MAGIC) +#define DNS_RBTNODE_VALID(n) ISC_MAGIC_VALID(n, DNS_RBTNODE_MAGIC) #else -#define DNS_RBTNODE_VALID(n) ISC_TRUE +#define DNS_RBTNODE_VALID(n) ISC_TRUE #endif /*% 
@@ -69,22 +69,31 @@ ISC_LANG_BEGINDECLS * appended to this structure. Allocating a contiguous block of memory for * multiple dns_rbtnode structures will not work. */ -typedef struct dns_rbtnode { +typedef struct dns_rbtnode dns_rbtnode_t; +struct dns_rbtnode { #if DNS_RBT_USEMAGIC unsigned int magic; #endif - struct dns_rbtnode *parent; - struct dns_rbtnode *left; - struct dns_rbtnode *right; - struct dns_rbtnode *down; + dns_rbtnode_t *parent; + dns_rbtnode_t *left; + dns_rbtnode_t *right; + dns_rbtnode_t *down; #ifdef DNS_RBT_USEHASH - struct dns_rbtnode *hashnext; + dns_rbtnode_t *hashnext; #endif + + /*% + * Used for LRU cache. This linked list is used to mark nodes which + * have no data any longer, but we cannot unlink at that exact moment + * because we did not or could not obtain a write lock on the tree. + */ + ISC_LINK(dns_rbtnode_t) deadlink; + /*@{*/ /*! * The following bitfields add up to a total bitwidth of 32. * The range of values necessary for each item is indicated, - * but in the case of "attributes" the field is wider to accomodate + * but in the case of "attributes" the field is wider to accommodate * possible future expansion. "offsetlen" could be one bit * narrower by always adjusting its value by 1 to find the real * offsetlen, but doing so does not gain anything (except perhaps 
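Review bot: The comment on the new `deadlink` member of `struct dns_rbtnode` explains why a node is parked on the list (the tree write lock was not held at that moment), but it does not say which lock protects the list itself or who drains it. Nodes on this list are awaiting unlink, so a reader cannot tell from the header what must be held before touching `deadlink` or when a node may be freed. That is the information needed to rule out a race or a stale pointer. Add a sentence such as `* The list is protected by <name the lock here>; a node is removed from it before the node is freed.`, filled in from the implementation. The struct body continues past this hunk, and the ISC_LINK initialisation for new nodes is not visible here, so it should be checked in the allocation path.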
@@ -93,13 +102,14 @@ typedef struct dns_rbtnode { * In each case below the "range" indicated is what's _necessary_ for * the bitfield to hold, not what it actually _can_ hold. */ - unsigned int is_root : 1; /*%< range is 0..1 */ - unsigned int color : 1; /*%< range is 0..1 */ - unsigned int find_callback : 1; /*%< range is 0..1 */ - unsigned int attributes : 4; /*%< range is 0..2 */ - unsigned int namelen : 8; /*%< range is 1..255 */ - unsigned int offsetlen : 8; /*%< range is 1..128 */ - unsigned int padbytes : 9; /*%< range is 0..380 */ + unsigned int is_root : 1; /*%< range is 0..1 */ + unsigned int color : 1; /*%< range is 0..1 */ + unsigned int find_callback : 1; /*%< range is 0..1 */ + unsigned int attributes : 3; /*%< range is 0..2 */ + unsigned int nsec3 : 1; /*%< range is 0..1 */ + unsigned int namelen : 8; /*%< range is 1..255 */ + unsigned int offsetlen : 8; /*%< range is 1..128 */ + unsigned int padbytes : 9; /*%< range is 0..380 */ /*@}*/ #ifdef DNS_RBT_USEHASH @@ -121,14 +131,14 @@ typedef struct dns_rbtnode { isc_refcount_t references; /* note that this is not in the bitfield */ #endif /*@}*/ -} dns_rbtnode_t; +}; typedef isc_result_t (*dns_rbtfindcallback_t)(dns_rbtnode_t *node, dns_name_t *name, void *callback_arg); /***** - ***** Chain Info + ***** Chain Info *****/ /*! @@ -145,7 +155,7 @@ typedef isc_result_t (*dns_rbtfindcallback_t)(dns_rbtnode_t *node, * tree when a node is added). The obvious implication of this is that for a * chain to remain valid, the tree has to be locked down against writes for the * duration of the useful life of the chain, because additions or removals can - * change the path from the root to the node the chain has targetted. + * change the path from the root to the node the chain has targeted. * * The dns_rbtnodechain_ functions _first, _last, _prev and _next all take * dns_name_t parameters for the name and the origin, which can be NULL. If 
@@ -182,15 +192,15 @@ typedef isc_result_t (*dns_rbtfindcallback_t)(dns_rbtnode_t *node, #define DNS_RBT_LEVELBLOCK 254 typedef struct dns_rbtnodechain { - unsigned int magic; - isc_mem_t * mctx; + unsigned int magic; + isc_mem_t * mctx; /*% * The terminal node of the chain. It is not in levels[]. * This is ostensibly private ... but in a pinch it could be * used tell that the chain points nowhere without needing to * call dns_rbtnodechain_current(). */ - dns_rbtnode_t * end; + dns_rbtnode_t * end; /*% * The maximum number of labels in a name is 128; bitstrings mean * a conceptually very large number (which I have not bothered to @@ -199,7 +209,7 @@ typedef struct dns_rbtnodechain { * labels in a name to 255, meaning only 254 pointers are needed * in the worst case. */ - dns_rbtnode_t * levels[DNS_RBT_LEVELBLOCK]; + dns_rbtnode_t * levels[DNS_RBT_LEVELBLOCK]; /*% * level_count indicates how deep the chain points into the * tree of trees, and is the index into the levels[] array. @@ -208,7 +218,7 @@ typedef struct dns_rbtnodechain { * a level_count of 0, the first level has a level_count of 1, and * so on. */ - unsigned int level_count; + unsigned int level_count; /*% * level_matches tells how many levels matched above the node * returned by dns_rbt_findnode(). A match (partial or exact) found @@ -216,7 +226,7 @@ typedef struct dns_rbtnodechain { * This is used by the rbtdb to set the start point for a recursive * search of superdomains until the RR it is looking for is found. */ - unsigned int level_matches; + unsigned int level_matches; } dns_rbtnodechain_t; /***** 
@@ -229,27 +239,27 @@ dns_rbt_create(isc_mem_t *mctx, void (*deleter)(void *, void *), * Initialize a red-black tree of trees. * * Notes: - *\li The deleter argument, if non-null, points to a function that is - * responsible for cleaning up any memory associated with the data - * pointer of a node when the node is deleted. It is passed the - * deleted node's data pointer as its first argument and deleter_arg - * as its second argument. + *\li The deleter argument, if non-null, points to a function that is + * responsible for cleaning up any memory associated with the data + * pointer of a node when the node is deleted. It is passed the + * deleted node's data pointer as its first argument and deleter_arg + * as its second argument. * * Requires: - * \li mctx is a pointer to a valid memory context. - *\li rbtp != NULL && *rbtp == NULL - *\li arg == NULL iff deleter == NULL + * \li mctx is a pointer to a valid memory context. + *\li rbtp != NULL && *rbtp == NULL + *\li arg == NULL iff deleter == NULL * * Ensures: - *\li If result is ISC_R_SUCCESS: - * *rbtp points to a valid red-black tree manager + *\li If result is ISC_R_SUCCESS: + * *rbtp points to a valid red-black tree manager * - *\li If result is failure: - * *rbtp does not point to a valid red-black tree manager. + *\li If result is failure: + * *rbtp does not point to a valid red-black tree manager. * * Returns: - *\li #ISC_R_SUCCESS Success - *\li #ISC_R_NOMEMORY Resource limit: Out of Memory + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_NOMEMORY Resource limit: Out of Memory */ isc_result_t 
@@ -258,38 +268,38 @@ dns_rbt_addname(dns_rbt_t *rbt, dns_name_t *name, void *data); * Add 'name' to the tree of trees, associated with 'data'. * * Notes: - *\li 'data' is never required to be non-NULL, but specifying it - * when the name is added is faster than searching for 'name' - * again and then setting the data pointer. The lack of a data pointer - * for a node also has other ramifications regarding whether - * dns_rbt_findname considers a node to exist, or dns_rbt_deletename - * joins nodes. + *\li 'data' is never required to be non-NULL, but specifying it + * when the name is added is faster than searching for 'name' + * again and then setting the data pointer. The lack of a data pointer + * for a node also has other ramifications regarding whether + * dns_rbt_findname considers a node to exist, or dns_rbt_deletename + * joins nodes. * * Requires: - *\li rbt is a valid rbt manager. - *\li dns_name_isabsolute(name) == TRUE + *\li rbt is a valid rbt manager. + *\li dns_name_isabsolute(name) == TRUE * * Ensures: - *\li 'name' is not altered in any way. + *\li 'name' is not altered in any way. * - *\li Any external references to nodes in the tree are unaffected by - * node splits that are necessary to insert the new name. + *\li Any external references to nodes in the tree are unaffected by + * node splits that are necessary to insert the new name. * - *\li If result is #ISC_R_SUCCESS: - * 'name' is findable in the red/black tree of trees in O(log N). - * The data pointer of the node for 'name' is set to 'data'. + *\li If result is #ISC_R_SUCCESS: + * 'name' is findable in the red/black tree of trees in O(log N). + * The data pointer of the node for 'name' is set to 'data'. * - *\li If result is #ISC_R_EXISTS or #ISC_R_NOSPACE: - * The tree of trees is unaltered. + *\li If result is #ISC_R_EXISTS or #ISC_R_NOSPACE: + * The tree of trees is unaltered. * - *\li If result is #ISC_R_NOMEMORY: - * No guarantees. 
+ *\li If result is #ISC_R_NOMEMORY: + * No guarantees. * * Returns: - *\li #ISC_R_SUCCESS Success - *\li #ISC_R_EXISTS The name already exists with associated data. - *\li #ISC_R_NOSPACE The name had more logical labels than are allowed. - *\li #ISC_R_NOMEMORY Resource Limit: Out of Memory + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_EXISTS The name already exists with associated data. + *\li #ISC_R_NOSPACE The name had more logical labels than are allowed. + *\li #ISC_R_NOMEMORY Resource Limit: Out of Memory */ isc_result_t 
@@ -299,31 +309,31 @@ dns_rbt_addnode(dns_rbt_t *rbt, dns_name_t *name, dns_rbtnode_t **nodep); * Just like dns_rbt_addname, but returns the address of the node. * * Requires: - *\li rbt is a valid rbt structure. - *\li dns_name_isabsolute(name) == TRUE - *\li nodep != NULL && *nodep == NULL + *\li rbt is a valid rbt structure. + *\li dns_name_isabsolute(name) == TRUE + *\li nodep != NULL && *nodep == NULL * * Ensures: - *\li 'name' is not altered in any way. + *\li 'name' is not altered in any way. * - *\li Any external references to nodes in the tree are unaffected by - * node splits that are necessary to insert the new name. + *\li Any external references to nodes in the tree are unaffected by + * node splits that are necessary to insert the new name. * - *\li If result is ISC_R_SUCCESS: - * 'name' is findable in the red/black tree of trees in O(log N). - * *nodep is the node that was added for 'name'. + *\li If result is ISC_R_SUCCESS: + * 'name' is findable in the red/black tree of trees in O(log N). + * *nodep is the node that was added for 'name'. * - *\li If result is ISC_R_EXISTS: - * The tree of trees is unaltered. - * *nodep is the existing node for 'name'. + *\li If result is ISC_R_EXISTS: + * The tree of trees is unaltered. + * *nodep is the existing node for 'name'. * - *\li If result is ISC_R_NOMEMORY: - * No guarantees. + *\li If result is ISC_R_NOMEMORY: + * No guarantees. * * Returns: - *\li #ISC_R_SUCCESS Success - *\li #ISC_R_EXISTS The name already exists, possibly without data. - *\li #ISC_R_NOMEMORY Resource Limit: Out of Memory + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_EXISTS The name already exists, possibly without data. + *\li #ISC_R_NOMEMORY Resource Limit: Out of Memory */ isc_result_t 
@@ -333,36 +343,36 @@ dns_rbt_findname(dns_rbt_t *rbt, dns_name_t *name, unsigned int options, * Get the data pointer associated with 'name'. * * Notes: - *\li When #DNS_RBTFIND_NOEXACT is set, the closest matching superdomain is + *\li When #DNS_RBTFIND_NOEXACT is set, the closest matching superdomain is * returned (also subject to #DNS_RBTFIND_EMPTYDATA), even when there is - * an exact match in the tree. + * an exact match in the tree. * *\li A node that has no data is considered not to exist for this function, * unless the #DNS_RBTFIND_EMPTYDATA option is set. * * Requires: - *\li rbt is a valid rbt manager. - *\li dns_name_isabsolute(name) == TRUE - *\li data != NULL && *data == NULL + *\li rbt is a valid rbt manager. + *\li dns_name_isabsolute(name) == TRUE + *\li data != NULL && *data == NULL * * Ensures: - *\li 'name' and the tree are not altered in any way. + *\li 'name' and the tree are not altered in any way. * - *\li If result is ISC_R_SUCCESS: - * *data is the data associated with 'name'. + *\li If result is ISC_R_SUCCESS: + * *data is the data associated with 'name'. * - *\li If result is DNS_R_PARTIALMATCH: - * *data is the data associated with the deepest superdomain - * of 'name' which has data. + *\li If result is DNS_R_PARTIALMATCH: + * *data is the data associated with the deepest superdomain + * of 'name' which has data. * - *\li If result is ISC_R_NOTFOUND: - * Neither the name nor a superdomain was found with data. + *\li If result is ISC_R_NOTFOUND: + * Neither the name nor a superdomain was found with data. * * Returns: - *\li #ISC_R_SUCCESS Success - *\li #DNS_R_PARTIALMATCH Superdomain found with data - *\li #ISC_R_NOTFOUND No match - *\li #ISC_R_NOSPACE Concatenating nodes to form foundname failed + *\li #ISC_R_SUCCESS Success + *\li #DNS_R_PARTIALMATCH Superdomain found with data + *\li #ISC_R_NOTFOUND No match + *\li #ISC_R_NOSPACE Concatenating nodes to form foundname failed */ isc_result_t 
@@ -374,100 +384,100 @@ dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname, * Find the node for 'name'. * * Notes: - *\li A node that has no data is considered not to exist for this function, - * unless the DNS_RBTFIND_EMPTYDATA option is set. This applies to both - * exact matches and partial matches. - * - *\li If the chain parameter is non-NULL, then the path through the tree - * to the DNSSEC predecessor of the searched for name is maintained, - * unless the DNS_RBTFIND_NOPREDECESSOR or DNS_RBTFIND_NOEXACT option - * is used. (For more details on those options, see below.) - * - *\li If there is no predecessor, then the chain will point to nowhere, as - * indicated by chain->end being NULL or dns_rbtnodechain_current - * returning ISC_R_NOTFOUND. Note that in a normal Internet DNS RBT - * there will always be a predecessor for all names except the root - * name, because '.' will exist and '.' is the predecessor of - * everything. But you can certainly construct a trivial tree and a - * search for it that has no predecessor. - * - *\li Within the chain structure, the 'levels' member of the structure holds - * the root node of each level except the first. - * - *\li The 'level_count' of the chain indicates how deep the chain to the - * predecessor name is, as an index into the 'levels[]' array. It does - * not count name elements, per se, but only levels of the tree of trees, - * the distinction arrising because multiple labels from a name can be - * stored on only one level. It is also does not include the level - * that has the node, since that level is not stored in levels[]. - * - *\li The chain's 'level_matches' is not directly related to the predecessor. - * It is the number of levels above the level of the found 'node', - * regardless of whether it was a partial match or exact match. When - * the node is found in the top level tree, or no node is found at all, - * level_matches is 0. 
- * - *\li When DNS_RBTFIND_NOEXACT is set, the closest matching superdomain is + *\li A node that has no data is considered not to exist for this function, + * unless the DNS_RBTFIND_EMPTYDATA option is set. This applies to both + * exact matches and partial matches. + * + *\li If the chain parameter is non-NULL, then the path through the tree + * to the DNSSEC predecessor of the searched for name is maintained, + * unless the DNS_RBTFIND_NOPREDECESSOR or DNS_RBTFIND_NOEXACT option + * is used. (For more details on those options, see below.) + * + *\li If there is no predecessor, then the chain will point to nowhere, as + * indicated by chain->end being NULL or dns_rbtnodechain_current + * returning ISC_R_NOTFOUND. Note that in a normal Internet DNS RBT + * there will always be a predecessor for all names except the root + * name, because '.' will exist and '.' is the predecessor of + * everything. But you can certainly construct a trivial tree and a + * search for it that has no predecessor. + * + *\li Within the chain structure, the 'levels' member of the structure holds + * the root node of each level except the first. + * + *\li The 'level_count' of the chain indicates how deep the chain to the + * predecessor name is, as an index into the 'levels[]' array. It does + * not count name elements, per se, but only levels of the tree of trees, + * the distinction arising because multiple labels from a name can be + * stored on only one level. It is also does not include the level + * that has the node, since that level is not stored in levels[]. + * + *\li The chain's 'level_matches' is not directly related to the predecessor. + * It is the number of levels above the level of the found 'node', + * regardless of whether it was a partial match or exact match. When + * the node is found in the top level tree, or no node is found at all, + * level_matches is 0. 
+ * + *\li When DNS_RBTFIND_NOEXACT is set, the closest matching superdomain is * returned (also subject to DNS_RBTFIND_EMPTYDATA), even when * there is an exact match in the tree. In this case, the chain - * will not point to the DNSSEC predecessor, but will instead point - * to the exact match, if there was any. Thus the preceding paragraphs - * should have "exact match" substituted for "predecessor" to describe - * how the various elements of the chain are set. This was done to - * ensure that the chain's state was sane, and to prevent problems that - * occurred when running the predecessor location code under conditions - * it was not designed for. It is not clear *where* the chain should - * point when DNS_RBTFIND_NOEXACT is set, so if you end up using a chain - * with this option because you want a particular node, let us know - * where you want the chain pointed, so this can be made more firm. + * will not point to the DNSSEC predecessor, but will instead point + * to the exact match, if there was any. Thus the preceding paragraphs + * should have "exact match" substituted for "predecessor" to describe + * how the various elements of the chain are set. This was done to + * ensure that the chain's state was sane, and to prevent problems that + * occurred when running the predecessor location code under conditions + * it was not designed for. It is not clear *where* the chain should + * point when DNS_RBTFIND_NOEXACT is set, so if you end up using a chain + * with this option because you want a particular node, let us know + * where you want the chain pointed, so this can be made more firm. * * Requires: - *\li rbt is a valid rbt manager. - *\li dns_name_isabsolute(name) == TRUE. - *\li node != NULL && *node == NULL. - *\li #DNS_RBTFIND_NOEXACT and DNS_RBTFIND_NOPREDECESSOR are mutally - * exclusive. + *\li rbt is a valid rbt manager. + *\li dns_name_isabsolute(name) == TRUE. + *\li node != NULL && *node == NULL. 
+ *\li #DNS_RBTFIND_NOEXACT and DNS_RBTFIND_NOPREDECESSOR are mutually + * exclusive. * * Ensures: - *\li 'name' and the tree are not altered in any way. + *\li 'name' and the tree are not altered in any way. * - *\li If result is ISC_R_SUCCESS: + *\li If result is ISC_R_SUCCESS: *\verbatim - * *node is the terminal node for 'name'. + * *node is the terminal node for 'name'. - * 'foundname' and 'name' represent the same name (though not - * the same memory). + * 'foundname' and 'name' represent the same name (though not + * the same memory). - * 'chain' points to the DNSSEC predecessor, if any, of 'name'. + * 'chain' points to the DNSSEC predecessor, if any, of 'name'. * - * chain->level_matches and chain->level_count are equal. + * chain->level_matches and chain->level_count are equal. *\endverbatim * - * If result is DNS_R_PARTIALMATCH: + * If result is DNS_R_PARTIALMATCH: *\verbatim - * *node is the data associated with the deepest superdomain - * of 'name' which has data. + * *node is the data associated with the deepest superdomain + * of 'name' which has data. * - * 'foundname' is the name of deepest superdomain (which has - * data, unless the DNS_RBTFIND_EMPTYDATA option is set). + * 'foundname' is the name of deepest superdomain (which has + * data, unless the DNS_RBTFIND_EMPTYDATA option is set). * - * 'chain' points to the DNSSEC predecessor, if any, of 'name'. + * 'chain' points to the DNSSEC predecessor, if any, of 'name'. *\endverbatim * - *\li If result is ISC_R_NOTFOUND: + *\li If result is ISC_R_NOTFOUND: *\verbatim - * Neither the name nor a superdomain was found. *node is NULL. + * Neither the name nor a superdomain was found. *node is NULL. * - * 'chain' points to the DNSSEC predecessor, if any, of 'name'. + * 'chain' points to the DNSSEC predecessor, if any, of 'name'. * - * chain->level_matches is 0. + * chain->level_matches is 0. 
*\endverbatim * * Returns: - *\li #ISC_R_SUCCESS Success - *\li #DNS_R_PARTIALMATCH Superdomain found with data - *\li #ISC_R_NOTFOUND No match, or superdomain with no data - *\li #ISC_R_NOSPACE Concatenating nodes to form foundname failed + *\li #ISC_R_SUCCESS Success + *\li #DNS_R_PARTIALMATCH Superdomain found with data + *\li #ISC_R_NOTFOUND No match, or superdomain with no data + *\li #ISC_R_NOSPACE Concatenating nodes to form foundname failed */ isc_result_t 
@@ -476,41 +486,41 @@ dns_rbt_deletename(dns_rbt_t *rbt, dns_name_t *name, isc_boolean_t recurse); * Delete 'name' from the tree of trees. * * Notes: - *\li When 'name' is removed, if recurse is ISC_TRUE then all of its + *\li When 'name' is removed, if recurse is ISC_TRUE then all of its * subnames are removed too. * * Requires: - *\li rbt is a valid rbt manager. - *\li dns_name_isabsolute(name) == TRUE + *\li rbt is a valid rbt manager. + *\li dns_name_isabsolute(name) == TRUE * * Ensures: - *\li 'name' is not altered in any way. + *\li 'name' is not altered in any way. * - *\li Does NOT ensure that any external references to nodes in the tree - * are unaffected by node joins. + *\li Does NOT ensure that any external references to nodes in the tree + * are unaffected by node joins. * - *\li If result is ISC_R_SUCCESS: - * 'name' does not appear in the tree with data; however, - * the node for the name might still exist which can be - * found with dns_rbt_findnode (but not dns_rbt_findname). + *\li If result is ISC_R_SUCCESS: + * 'name' does not appear in the tree with data; however, + * the node for the name might still exist which can be + * found with dns_rbt_findnode (but not dns_rbt_findname). * - *\li If result is ISC_R_NOTFOUND: - * 'name' does not appear in the tree with data, because - * it did not appear in the tree before the function was called. + *\li If result is ISC_R_NOTFOUND: + * 'name' does not appear in the tree with data, because + * it did not appear in the tree before the function was called. * - *\li If result is something else: - * See result codes for dns_rbt_findnode (if it fails, the - * node is not deleted) or dns_rbt_deletenode (if it fails, - * the node is deleted, but the tree is not optimized when - * it could have been). 
+ *\li If result is something else: + * See result codes for dns_rbt_findnode (if it fails, the + * node is not deleted) or dns_rbt_deletenode (if it fails, + * the node is deleted, but the tree is not optimized when + * it could have been). * * Returns: - *\li #ISC_R_SUCCESS Success - *\li #ISC_R_NOTFOUND No match - *\li something_else Any return code from dns_rbt_findnode except - * DNS_R_PARTIALMATCH (which causes ISC_R_NOTFOUND - * to be returned instead), and any code from - * dns_rbt_deletenode. + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_NOTFOUND No match + *\li something_else Any return code from dns_rbt_findnode except + * DNS_R_PARTIALMATCH (which causes ISC_R_NOTFOUND + * to be returned instead), and any code from + * dns_rbt_deletenode. */ isc_result_t 
@@ -519,32 +529,32 @@ dns_rbt_deletenode(dns_rbt_t *rbt, dns_rbtnode_t *node, isc_boolean_t recurse); * Delete 'node' from the tree of trees. * * Notes: - *\li When 'node' is removed, if recurse is ISC_TRUE then all nodes - * in levels down from it are removed too. + *\li When 'node' is removed, if recurse is ISC_TRUE then all nodes + * in levels down from it are removed too. * * Requires: - *\li rbt is a valid rbt manager. - *\li node != NULL. + *\li rbt is a valid rbt manager. + *\li node != NULL. * * Ensures: - *\li Does NOT ensure that any external references to nodes in the tree - * are unaffected by node joins. + *\li Does NOT ensure that any external references to nodes in the tree + * are unaffected by node joins. * - *\li If result is ISC_R_SUCCESS: - * 'node' does not appear in the tree with data; however, - * the node might still exist if it serves as a pointer to - * a lower tree level as long as 'recurse' was false, hence - * the node could can be found with dns_rbt_findnode whem - * that function's empty_data_ok parameter is true. + *\li If result is ISC_R_SUCCESS: + * 'node' does not appear in the tree with data; however, + * the node might still exist if it serves as a pointer to + * a lower tree level as long as 'recurse' was false, hence + * the node could can be found with dns_rbt_findnode when + * that function's empty_data_ok parameter is true. * - *\li If result is ISC_R_NOMEMORY or ISC_R_NOSPACE: - * The node was deleted, but the tree structure was not - * optimized. + *\li If result is ISC_R_NOMEMORY or ISC_R_NOSPACE: + * The node was deleted, but the tree structure was not + * optimized. * * Returns: - *\li #ISC_R_SUCCESS Success - *\li #ISC_R_NOMEMORY Resource Limit: Out of Memory when joining nodes. - *\li #ISC_R_NOSPACE dns_name_concatenate failed when joining nodes. + *\li #ISC_R_SUCCESS Success + *\li #ISC_R_NOMEMORY Resource Limit: Out of Memory when joining nodes. + *\li #ISC_R_NOSPACE dns_name_concatenate failed when joining nodes. 
*/ void @@ -553,24 +563,24 @@ dns_rbt_namefromnode(dns_rbtnode_t *node, dns_name_t *name); * Convert the sequence of labels stored at 'node' into a 'name'. * * Notes: - *\li This function does not return the full name, from the root, but - * just the labels at the indicated node. + *\li This function does not return the full name, from the root, but + * just the labels at the indicated node. * - *\li The name data pointed to by 'name' is the information stored - * in the node, not a copy. Altering the data at this pointer - * will likely cause grief. + *\li The name data pointed to by 'name' is the information stored + * in the node, not a copy. Altering the data at this pointer + * will likely cause grief. * * Requires: - * \li name->offsets == NULL + * \li name->offsets == NULL * * Ensures: - * \li 'name' is DNS_NAMEATTR_READONLY. + * \li 'name' is DNS_NAMEATTR_READONLY. * - * \li 'name' will point directly to the labels stored after the - * dns_rbtnode_t struct. + * \li 'name' will point directly to the labels stored after the + * dns_rbtnode_t struct. * - * \li 'name' will have offsets that also point to the information stored - * as part of the node. + * \li 'name' will have offsets that also point to the information stored + * as part of the node. */ isc_result_t 
@@ -579,18 +589,18 @@ dns_rbt_fullnamefromnode(dns_rbtnode_t *node, dns_name_t *name); * Like dns_rbt_namefromnode, but returns the full name from the root. * * Notes: - * \li Unlike dns_rbt_namefromnode, the name will not point directly - * to node data. Rather, dns_name_concatenate will be used to copy - * the name data from each node into the 'name' argument. + * \li Unlike dns_rbt_namefromnode, the name will not point directly + * to node data. Rather, dns_name_concatenate will be used to copy + * the name data from each node into the 'name' argument. * * Requires: - * \li name != NULL - * \li name has a dedicated buffer. + * \li name != NULL + * \li name has a dedicated buffer. * * Returns: - * \li ISC_R_SUCCESS - * \li ISC_R_NOSPACE (possible via dns_name_concatenate) - * \li DNS_R_NAMETOOLONG (possible via dns_name_concatenate) + * \li ISC_R_SUCCESS + * \li ISC_R_NOSPACE (possible via dns_name_concatenate) + * \li DNS_R_NAMETOOLONG (possible via dns_name_concatenate) */ char * @@ -600,14 +610,14 @@ dns_rbt_formatnodename(dns_rbtnode_t *node, char *printname, * Format the full name of a node for printing, using dns_name_format(). * * Notes: - * \li 'size' is the length of the printname buffer. This should be - * DNS_NAME_FORMATSIZE or larger. + * \li 'size' is the length of the printname buffer. This should be + * DNS_NAME_FORMATSIZE or larger. * * Requires: - * \li node and printname are not NULL. + * \li node and printname are not NULL. * * Returns: - * \li The 'printname' pointer. + * \li The 'printname' pointer. */ unsigned int @@ -616,7 +626,7 @@ dns_rbt_nodecount(dns_rbt_t *rbt); * Obtain the number of nodes in the tree of trees. * * Requires: - * \li rbt is a valid rbt manager. + * \li rbt is a valid rbt manager. */ void 
@@ -624,25 +634,25 @@ dns_rbt_destroy(dns_rbt_t **rbtp); isc_result_t dns_rbt_destroy2(dns_rbt_t **rbtp, unsigned int quantum); /*%< - * Stop working with a red-black tree of trees. + * Stop working with a red-black tree of trees. * If 'quantum' is zero then the entire tree will be destroyed. * If 'quantum' is non zero then up to 'quantum' nodes will be destroyed * allowing the rbt to be incrementally destroyed by repeated calls to * dns_rbt_destroy2(). Once dns_rbt_destroy2() has been called no other * operations than dns_rbt_destroy()/dns_rbt_destroy2() should be * performed on the tree of trees. - * + * * Requires: - * \li *rbt is a valid rbt manager. + * \li *rbt is a valid rbt manager. * * Ensures on ISC_R_SUCCESS: - * \li All space allocated by the RBT library has been returned. + * \li All space allocated by the RBT library has been returned. * - * \li *rbt is invalidated as an rbt manager. + * \li *rbt is invalidated as an rbt manager. * * Returns: - * \li ISC_R_SUCCESS - * \li ISC_R_QUOTA if 'quantum' nodes have been destroyed. + * \li ISC_R_SUCCESS + * \li ISC_R_QUOTA if 'quantum' nodes have been destroyed. */ void @@ -652,10 +662,10 @@ dns_rbt_printall(dns_rbt_t *rbt); * tree of trees. * * Notes: - * \li The name stored at each node, along with the node's color, is printed. - * Then the down pointer, left and right pointers are displayed - * recursively in turn. NULL down pointers are silently omitted; - * NULL left and right pointers are printed. + * \li The name stored at each node, along with the node's color, is printed. + * Then the down pointer, left and right pointers are displayed + * recursively in turn. NULL down pointers are silently omitted; + * NULL left and right pointers are printed. */ /***** 
@@ -668,12 +678,12 @@ dns_rbtnodechain_init(dns_rbtnodechain_t *chain, isc_mem_t *mctx); * Initialize 'chain'. * * Requires: - *\li 'chain' is a valid pointer. + *\li 'chain' is a valid pointer. * - *\li 'mctx' is a valid memory context. + *\li 'mctx' is a valid memory context. * * Ensures: - *\li 'chain' is suitable for use. + *\li 'chain' is suitable for use. */ void @@ -683,10 +693,10 @@ dns_rbtnodechain_reset(dns_rbtnodechain_t *chain); * 'chain'. * * Requires: - *\li 'chain' is a valid pointer. + *\li 'chain' is a valid pointer. * * Ensures: - *\li 'chain' is suitable for use, and uses no dynamic storage. + *\li 'chain' is suitable for use, and uses no dynamic storage. */ void @@ -695,15 +705,15 @@ dns_rbtnodechain_invalidate(dns_rbtnodechain_t *chain); * Free any dynamic storage associated with 'chain', and then invalidates it. * * Notes: - *\li Future calls to any dns_rbtnodechain_ function will need to call - * dns_rbtnodechain_init on the chain first (except, of course, - * dns_rbtnodechain_init itself). + *\li Future calls to any dns_rbtnodechain_ function will need to call + * dns_rbtnodechain_init on the chain first (except, of course, + * dns_rbtnodechain_init itself). * * Requires: - *\li 'chain' is a valid chain. + *\li 'chain' is a valid chain. * * Ensures: - *\li 'chain' is no longer suitable for use, and uses no dynamic storage. + *\li 'chain' is no longer suitable for use, and uses no dynamic storage. */ isc_result_t 
@@ -713,37 +723,37 @@ dns_rbtnodechain_current(dns_rbtnodechain_t *chain, dns_name_t *name, * Provide the name, origin and node to which the chain is currently pointed. * * Notes: - *\li The tree need not have be locked against additions for the chain - * to remain valid, however there are no guarantees if any deletion - * has been made since the chain was established. + *\li The tree need not have be locked against additions for the chain + * to remain valid, however there are no guarantees if any deletion + * has been made since the chain was established. * * Requires: - *\li 'chain' is a valid chain. + *\li 'chain' is a valid chain. * * Ensures: - *\li 'node', if non-NULL, is the node to which the chain was pointed - * by dns_rbt_findnode, dns_rbtnodechain_first or dns_rbtnodechain_last. - * If none were called for the chain since it was initialized or reset, - * or if the was no predecessor to the name searched for with - * dns_rbt_findnode, then '*node' is NULL and ISC_R_NOTFOUND is returned. + *\li 'node', if non-NULL, is the node to which the chain was pointed + * by dns_rbt_findnode, dns_rbtnodechain_first or dns_rbtnodechain_last. + * If none were called for the chain since it was initialized or reset, + * or if the was no predecessor to the name searched for with + * dns_rbt_findnode, then '*node' is NULL and ISC_R_NOTFOUND is returned. * - *\li 'name', if non-NULL, is the name stored at the terminal level of - * the chain. This is typically a single label, like the "www" of - * "www.isc.org", but need not be so. At the root of the tree of trees, - * if the node is "." then 'name' is ".", otherwise it is relative to ".". - * (Minimalist and atypical case: if the tree has just the name - * "isc.org." then the root node's stored name is "isc.org." but 'name' - * will be "isc.org".) + *\li 'name', if non-NULL, is the name stored at the terminal level of + * the chain. This is typically a single label, like the "www" of + * "www.isc.org", but need not be so. 
At the root of the tree of trees, + * if the node is "." then 'name' is ".", otherwise it is relative to ".". + * (Minimalist and atypical case: if the tree has just the name + * "isc.org." then the root node's stored name is "isc.org." but 'name' + * will be "isc.org".) * - *\li 'origin', if non-NULL, is the sequence of labels in the levels - * above the terminal level, such as "isc.org." in the above example. - * 'origin' is always "." for the root node. + *\li 'origin', if non-NULL, is the sequence of labels in the levels + * above the terminal level, such as "isc.org." in the above example. + * 'origin' is always "." for the root node. * * * Returns: - *\li #ISC_R_SUCCESS name, origin & node were successfully set. - *\li #ISC_R_NOTFOUND The chain does not point to any node. - *\li <something_else> Any error return from dns_name_concatenate. + *\li #ISC_R_SUCCESS name, origin & node were successfully set. + *\li #ISC_R_NOTFOUND The chain does not point to any node. + *\li <something_else> Any error return from dns_name_concatenate. */ isc_result_t 
@@ -753,23 +763,23 @@ dns_rbtnodechain_first(dns_rbtnodechain_t *chain, dns_rbt_t *rbt, * Set the chain to the lexically first node in the tree of trees. * * Notes: - *\li By the definition of ordering for DNS names, the root of the tree of - * trees is the very first node, since everything else in the megatree - * uses it as a common suffix. + *\li By the definition of ordering for DNS names, the root of the tree of + * trees is the very first node, since everything else in the megatree + * uses it as a common suffix. * * Requires: - *\li 'chain' is a valid chain. - *\li 'rbt' is a valid rbt manager. + *\li 'chain' is a valid chain. + *\li 'rbt' is a valid rbt manager. * * Ensures: - *\li The chain points to the very first node of the tree. + *\li The chain points to the very first node of the tree. * - *\li 'name' and 'origin', if non-NULL, are set as described for - * dns_rbtnodechain_current. Thus 'origin' will always be ".". + *\li 'name' and 'origin', if non-NULL, are set as described for + * dns_rbtnodechain_current. Thus 'origin' will always be ".". * * Returns: - *\li #DNS_R_NEWORIGIN The name & origin were successfully set. - *\li <something_else> Any error result from dns_rbtnodechain_current. + *\li #DNS_R_NEWORIGIN The name & origin were successfully set. + *\li <something_else> Any error result from dns_rbtnodechain_current. */ isc_result_t 
@@ -779,19 +789,19 @@ dns_rbtnodechain_last(dns_rbtnodechain_t *chain, dns_rbt_t *rbt, * Set the chain to the lexically last node in the tree of trees. * * Requires: - *\li 'chain' is a valid chain. - *\li 'rbt' is a valid rbt manager. + *\li 'chain' is a valid chain. + *\li 'rbt' is a valid rbt manager. * * Ensures: - *\li The chain points to the very last node of the tree. + *\li The chain points to the very last node of the tree. * - *\li 'name' and 'origin', if non-NULL, are set as described for - * dns_rbtnodechain_current. + *\li 'name' and 'origin', if non-NULL, are set as described for + * dns_rbtnodechain_current. * * Returns: - *\li #DNS_R_NEWORIGIN The name & origin were successfully set. - *\li #ISC_R_NOMEMORY Resource Limit: Out of Memory building chain. - *\li <something_else> Any error result from dns_name_concatenate. + *\li #DNS_R_NEWORIGIN The name & origin were successfully set. + *\li #ISC_R_NOMEMORY Resource Limit: Out of Memory building chain. + *\li <something_else> Any error result from dns_name_concatenate. */ isc_result_t 
@@ -802,26 +812,26 @@ dns_rbtnodechain_prev(dns_rbtnodechain_t *chain, dns_name_t *name, * is currently pointed. * * Requires: - *\li 'chain' is a valid chain. - *\li 'chain' has been pointed somewhere in the tree with dns_rbt_findnode, - * dns_rbtnodechain_first or dns_rbtnodechain_last -- and remember that - * dns_rbt_findnode is not guaranteed to point the chain somewhere, - * since there may have been no predecessor to the searched for name. + *\li 'chain' is a valid chain. + *\li 'chain' has been pointed somewhere in the tree with dns_rbt_findnode, + * dns_rbtnodechain_first or dns_rbtnodechain_last -- and remember that + * dns_rbt_findnode is not guaranteed to point the chain somewhere, + * since there may have been no predecessor to the searched for name. * * Ensures: - *\li The chain is pointed to the predecessor of its current target. + *\li The chain is pointed to the predecessor of its current target. * - *\li 'name' and 'origin', if non-NULL, are set as described for - * dns_rbtnodechain_current. + *\li 'name' and 'origin', if non-NULL, are set as described for + * dns_rbtnodechain_current. * - *\li 'origin' is only if a new origin was found. + *\li 'origin' is only if a new origin was found. * * Returns: - *\li #ISC_R_SUCCESS The predecessor was found and 'name' was set. - *\li #DNS_R_NEWORIGIN The predecessor was found with a different - * origin and 'name' and 'origin' were set. - *\li #ISC_R_NOMORE There was no predecessor. - *\li <something_else> Any error result from dns_rbtnodechain_current. + *\li #ISC_R_SUCCESS The predecessor was found and 'name' was set. + *\li #DNS_R_NEWORIGIN The predecessor was found with a different + * origin and 'name' and 'origin' were set. + *\li #ISC_R_NOMORE There was no predecessor. + *\li <something_else> Any error result from dns_rbtnodechain_current. */ isc_result_t 
@@ -832,26 +842,39 @@ dns_rbtnodechain_next(dns_rbtnodechain_t *chain, dns_name_t *name, * is currently pointed. * * Requires: - *\li 'chain' is a valid chain. - *\li 'chain' has been pointed somewhere in the tree with dns_rbt_findnode, - * dns_rbtnodechain_first or dns_rbtnodechain_last -- and remember that - * dns_rbt_findnode is not guaranteed to point the chain somewhere, - * since there may have been no predecessor to the searched for name. + *\li 'chain' is a valid chain. + *\li 'chain' has been pointed somewhere in the tree with dns_rbt_findnode, + * dns_rbtnodechain_first or dns_rbtnodechain_last -- and remember that + * dns_rbt_findnode is not guaranteed to point the chain somewhere, + * since there may have been no predecessor to the searched for name. * * Ensures: - *\li The chain is pointed to the successor of its current target. + *\li The chain is pointed to the successor of its current target. * - *\li 'name' and 'origin', if non-NULL, are set as described for - * dns_rbtnodechain_current. + *\li 'name' and 'origin', if non-NULL, are set as described for + * dns_rbtnodechain_current. * - *\li 'origin' is only if a new origin was found. + *\li 'origin' is only if a new origin was found. * * Returns: - *\li #ISC_R_SUCCESS The successor was found and 'name' was set. - *\li #DNS_R_NEWORIGIN The successor was found with a different - * origin and 'name' and 'origin' were set. - *\li #ISC_R_NOMORE There was no successor. - *\li <something_else> Any error result from dns_name_concatenate. + *\li #ISC_R_SUCCESS The successor was found and 'name' was set. + *\li #DNS_R_NEWORIGIN The successor was found with a different + * origin and 'name' and 'origin' were set. + *\li #ISC_R_NOMORE There was no successor. + *\li <something_else> Any error result from dns_name_concatenate. + */ + +isc_result_t +dns_rbtnodechain_down(dns_rbtnodechain_t *chain, dns_name_t *name, + dns_name_t *origin); +/*%< + * Descend down if possible. 
+ */ + +isc_result_t +dns_rbtnodechain_nextflat(dns_rbtnodechain_t *chain, dns_name_t *name); +/*%< + * Find the next node at the current depth in DNSSEC order. */ /* 
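Review bot: The two prototypes added at the end of this rbt.h hunk, `dns_rbtnodechain_down()` and `dns_rbtnodechain_nextflat()`, carry a one-sentence comment each, while every neighbouring chain function spells out Requires, Ensures and Returns. From the header a caller cannot tell which result means "nothing below" or "no further node at this depth", nor whether 'name' and 'origin' may be NULL as they may for `dns_rbtnodechain_next()`. I would add the same three sections to both comments, starting with a Requires entry such as `*\li 'chain' is a valid chain that has been pointed somewhere in the tree.` and a Returns list naming each result the function can produce. The implementation is not part of this diff, so the exact result codes have to be taken from there.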
@@ -862,53 +885,53 @@ dns_rbtnodechain_next(dns_rbtnodechain_t *chain, dns_name_t *name, * hiding the back-end. The usage is the same as that of isc_refcount_xxx(). */ #ifdef DNS_RBT_USEISCREFCOUNT -#define dns_rbtnode_refinit(node, n) \ - do { \ - isc_refcount_init(&(node)->references, (n)); \ - } while (0) -#define dns_rbtnode_refdestroy(node) \ - do { \ - isc_refcount_destroy(&(node)->references); \ - } while (0) -#define dns_rbtnode_refcurrent(node) \ +#define dns_rbtnode_refinit(node, n) \ + do { \ + isc_refcount_init(&(node)->references, (n)); \ + } while (0) +#define dns_rbtnode_refdestroy(node) \ + do { \ + isc_refcount_destroy(&(node)->references); \ + } while (0) +#define dns_rbtnode_refcurrent(node) \ isc_refcount_current(&(node)->references) -#define dns_rbtnode_refincrement0(node, refs) \ - do { \ +#define dns_rbtnode_refincrement0(node, refs) \ + do { \ isc_refcount_increment0(&(node)->references, (refs)); \ - } while (0) -#define dns_rbtnode_refincrement(node, refs) \ - do { \ + } while (0) +#define dns_rbtnode_refincrement(node, refs) \ + do { \ isc_refcount_increment(&(node)->references, (refs)); \ - } while (0) -#define dns_rbtnode_refdecrement(node, refs) \ - do { \ + } while (0) +#define dns_rbtnode_refdecrement(node, refs) \ + do { \ isc_refcount_decrement(&(node)->references, (refs)); \ - } while (0) + } while (0) #else /* DNS_RBT_USEISCREFCOUNT */ -#define dns_rbtnode_refinit(node, n) ((node)->references = (n)) -#define dns_rbtnode_refdestroy(node) (REQUIRE((node)->references == 0)) -#define dns_rbtnode_refcurrent(node) ((node)->references) -#define dns_rbtnode_refincrement0(node, refs) \ - do { \ - unsigned int *_tmp = (unsigned int *)(refs); \ - (node)->references++; \ - if ((_tmp) != NULL) \ - (*_tmp) = (node)->references; \ - } while (0) -#define dns_rbtnode_refincrement(node, refs) \ - do { \ - REQUIRE((node)->references > 0); \ - (node)->references++; \ - if ((refs) != NULL) \ - (*refs) = (node)->references; \ - } while (0) -#define 
dns_rbtnode_refdecrement(node, refs) \ - do { \ - REQUIRE((node)->references > 0); \ - (node)->references--; \ - if ((refs) != NULL) \ - (*refs) = (node)->references; \ - } while (0) +#define dns_rbtnode_refinit(node, n) ((node)->references = (n)) +#define dns_rbtnode_refdestroy(node) (REQUIRE((node)->references == 0)) +#define dns_rbtnode_refcurrent(node) ((node)->references) +#define dns_rbtnode_refincrement0(node, refs) \ + do { \ + unsigned int *_tmp = (unsigned int *)(refs); \ + (node)->references++; \ + if ((_tmp) != NULL) \ + (*_tmp) = (node)->references; \ + } while (0) +#define dns_rbtnode_refincrement(node, refs) \ + do { \ + REQUIRE((node)->references > 0); \ + (node)->references++; \ + if ((refs) != NULL) \ + (*refs) = (node)->references; \ + } while (0) +#define dns_rbtnode_refdecrement(node, refs) \ + do { \ + REQUIRE((node)->references > 0); \ + (node)->references--; \ + if ((refs) != NULL) \ + (*refs) = (node)->references; \ + } while (0) #endif /* DNS_RBT_USEISCREFCOUNT */ ISC_LANG_ENDDECLS diff --git a/contrib/bind9/lib/dns/include/dns/rcode.h b/contrib/bind9/lib/dns/include/dns/rcode.h index 03c145b..94e831b 100644 --- a/contrib/bind9/lib/dns/include/dns/rcode.h +++ b/contrib/bind9/lib/dns/include/dns/rcode.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * 
@@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rcode.h,v 1.13.18.2 2005/04/29 00:16:18 marka Exp $ */ +/* $Id: rcode.h,v 1.21 2008/09/25 04:02:39 tbox Exp $ */ #ifndef DNS_RCODE_H #define DNS_RCODE_H 1 -/*! \file */ +/*! \file dns/rcode.h */ #include <isc/lang.h> @@ -93,6 +93,21 @@ isc_result_t dns_tsigrcode_totext(dns_rcode_t rcode, isc_buffer_t *target); *\li #ISC_R_NOSPACE target buffer is too small */ +isc_result_t +dns_hashalg_fromtext(unsigned char *hashalg, isc_textregion_t *source); +/*%< + * Convert the text 'source' refers to into a has algorithm value. + * + * Requires: + *\li 'hashalg' is a valid pointer. + * + *\li 'source' is a valid text region. + * + * Returns: + *\li #ISC_R_SUCCESS on success + *\li #DNS_R_UNKNOWN type is unknown + */ + ISC_LANG_ENDDECLS #endif /* DNS_RCODE_H */ diff --git a/contrib/bind9/lib/dns/include/dns/rdata.h b/contrib/bind9/lib/dns/include/dns/rdata.h index a14bde7..126bc96 100644 --- a/contrib/bind9/lib/dns/include/dns/rdata.h +++ b/contrib/bind9/lib/dns/include/dns/rdata.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdata.h,v 1.60.18.3 2005/05/19 04:59:56 marka Exp $ */ +/* $Id: rdata.h,v 1.70.120.3 2009/02/16 00:29:27 marka Exp $ */ #ifndef DNS_RDATA_H #define DNS_RDATA_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/rdata.h * \brief * Provides facilities for manipulating DNS rdata, including conversions to * and from wire format and text format. 
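Review bot: In the rcode.h hunk that adds `dns_hashalg_fromtext()`, the comment says "into a has algorithm value" and the Returns list says `#DNS_R_UNKNOWN type is unknown`, which reads as if copied from a type-conversion function. Suggested wording: `Convert the text 'source' refers to into a hash algorithm value.` and `#DNS_R_UNKNOWN hash algorithm is unknown`. Because the result is stored through an `unsigned char *`, the comment should also state what is returned for a numeric text value that does not fit in that type. The implementation is outside this diff, so that case needs confirming there.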
@@ -49,7 +49,7 @@ * build process from a set of source files, one per rdata type. For * portability, it's probably best that the building be done by a C * program. Adding a new rdata type will be a simple matter of adding - * a file to a directory and rebuilding the server. *All* knowlege of + * a file to a directory and rebuilding the server. *All* knowledge of * the format of a particular rdata type is in this file. * * MP: @@ -124,7 +124,8 @@ struct dns_rdata { #define DNS_RDATA_INIT { NULL, 0, 0, 0, 0, {(void*)(-1), (void *)(-1)}} -#define DNS_RDATA_UPDATE 0x0001 /*%< update pseudo record */ +#define DNS_RDATA_UPDATE 0x0001 /*%< update pseudo record. */ +#define DNS_RDATA_OFFLINE 0x0002 /*%< RRSIG has a offline key. */ /* * Flags affecting rdata formatting style. Flags 0xFFFF0000 @@ -327,11 +328,11 @@ dns_rdata_fromtext(dns_rdata_t *rdata, dns_rdataclass_t rdclass, *\li 'target' is a valid region. * *\li 'origin' if non NULL it must be absolute. - * + * *\li 'callbacks' to be NULL or callbacks->warn and callbacks->error be * initialized. * - * Ensures, + * Ensures, * if result is success: *\li If 'rdata' is not NULL, it is attached to the target. @@ -384,7 +385,8 @@ dns_rdata_totext(dns_rdata_t *rdata, dns_name_t *origin, isc_buffer_t *target); isc_result_t dns_rdata_tofmttext(dns_rdata_t *rdata, dns_name_t *origin, unsigned int flags, - unsigned int width, char *linebreak, isc_buffer_t *target); + unsigned int width, const char *linebreak, + isc_buffer_t *target); /*%< * Like dns_rdata_totext, but do formatted output suitable for * database dumps. This is intended for use by dns_db_dump(); diff --git a/contrib/bind9/lib/dns/include/dns/rdataclass.h b/contrib/bind9/lib/dns/include/dns/rdataclass.h index fc622bf..786eb6a 100644 --- a/contrib/bind9/lib/dns/include/dns/rdataclass.h +++ b/contrib/bind9/lib/dns/include/dns/rdataclass.h 
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataclass.h,v 1.18.18.2 2005/04/29 00:16:18 marka Exp $ */ +/* $Id: rdataclass.h,v 1.24 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_RDATACLASS_H #define DNS_RDATACLASS_H 1 -/*! \file */ +/*! \file dns/rdataclass.h */ #include <isc/lang.h> diff --git a/contrib/bind9/lib/dns/include/dns/rdatalist.h b/contrib/bind9/lib/dns/include/dns/rdatalist.h index 697386f..57debc3 100644 --- a/contrib/bind9/lib/dns/include/dns/rdatalist.h +++ b/contrib/bind9/lib/dns/include/dns/rdatalist.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdatalist.h,v 1.14.18.2 2005/04/29 00:16:19 marka Exp $ */ +/* $Id: rdatalist.h,v 1.22 2008/04/03 06:09:05 tbox Exp $ */ #ifndef DNS_RDATALIST_H #define DNS_RDATALIST_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/rdatalist.h * \brief * A DNS rdatalist is a list of rdata of a common type and class. * 
@@ -98,6 +98,27 @@ dns_rdatalist_tordataset(dns_rdatalist_t *rdatalist, *\li #ISC_R_SUCCESS */ +isc_result_t +dns_rdatalist_fromrdataset(dns_rdataset_t *rdataset, + dns_rdatalist_t **rdatalist); +/*%< + * Point 'rdatalist' to the rdatalist in 'rdataset'. + * + * Requires: + * + *\li 'rdatalist' is a pointer to a NULL dns_rdatalist_t pointer. + * + *\li 'rdataset' is a valid rdataset associated with an rdatalist. + * + * Ensures, + * on success, + * + *\li 'rdatalist' is pointed to the rdatalist in rdataset. + * + * Returns: + *\li #ISC_R_SUCCESS + */ + ISC_LANG_ENDDECLS #endif /* DNS_RDATALIST_H */ diff --git a/contrib/bind9/lib/dns/include/dns/rdataset.h b/contrib/bind9/lib/dns/include/dns/rdataset.h index 5597591..baff146 100644 --- a/contrib/bind9/lib/dns/include/dns/rdataset.h +++ b/contrib/bind9/lib/dns/include/dns/rdataset.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataset.h,v 1.51.18.7 2006/03/03 00:56:53 marka Exp $ */ +/* $Id: rdataset.h,v 1.65.50.2 2009/01/18 23:47:41 tbox Exp $ */ #ifndef DNS_RDATASET_H #define DNS_RDATASET_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/rdataset.h * \brief * A DNS rdataset is a handle that can be associated with a collection of * rdata all having a common owner name, class, and type. 
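Review bot: `dns_rdatalist_fromrdataset()` in the -98,6 hunk of rdatalist.h hands back the rdatalist held inside 'rdataset', and the only guard is the Requires line that the rdataset is "associated with an rdatalist". An rdataset backed by a different implementation would presumably have another kind of object behind its private pointer, so a mistaken caller gets a mistyped pointer rather than an error. The Returns list offers only `#ISC_R_SUCCESS`, which leaves callers no failure path to test. The implementation is not in this diff, but it should enforce the precondition with a `REQUIRE` on the rdataset's method table. The comment should also say who owns the returned list.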
@@ -78,8 +78,14 @@ typedef struct dns_rdatasetmethods { dns_name_t *name); isc_result_t (*getnoqname)(dns_rdataset_t *rdataset, dns_name_t *name, - dns_rdataset_t *nsec, - dns_rdataset_t *nsecsig); + dns_rdataset_t *neg, + dns_rdataset_t *negsig); + isc_result_t (*addclosest)(dns_rdataset_t *rdataset, + dns_name_t *name); + isc_result_t (*getclosest)(dns_rdataset_t *rdataset, + dns_name_t *name, + dns_rdataset_t *neg, + dns_rdataset_t *negsig); isc_result_t (*getadditional)(dns_rdataset_t *rdataset, dns_rdatasetadditional_t type, dns_rdatatype_t qtype, @@ -140,6 +146,11 @@ struct dns_rdataset { * increment the counter. */ isc_uint32_t count; + /* + * This RRSIG RRset should be re-generated around this time. + * Only valid if DNS_RDATASETATTR_RESIGN is set in attributes. + */ + isc_stdtime_t resign; /*@{*/ /*% * These are for use by the rdataset implementation, and MUST NOT @@ -151,7 +162,9 @@ struct dns_rdataset { unsigned int privateuint4; void * private5; void * private6; + void * private7; /*@}*/ + }; /*! @@ -184,6 +197,9 @@ struct dns_rdataset { #define DNS_RDATASETATTR_CHECKNAMES 0x00008000 /*%< Used by resolver. */ #define DNS_RDATASETATTR_REQUIREDGLUE 0x00010000 #define DNS_RDATASETATTR_LOADORDER 0x00020000 +#define DNS_RDATASETATTR_RESIGN 0x00040000 +#define DNS_RDATASETATTR_CLOSEST 0x00080000 +#define DNS_RDATASETATTR_OPTOUT 0x00100000 /*%< OPTOUT proof */ /*% * _OMITDNSSEC: @@ -348,8 +364,8 @@ dns_rdataset_totext(dns_rdataset_t *rdataset, * Notes: *\li The rdata cursor position will be changed. * - *\li The 'question' flag should normally be #ISC_FALSE. If it is - * #ISC_TRUE, the TTL and rdata fields are not printed. This is + *\li The 'question' flag should normally be #ISC_FALSE. If it is + * #ISC_TRUE, the TTL and rdata fields are not printed. This is * for use when printing an rdata representing a question section. * *\li This interface is deprecated; use dns_master_rdatasettottext() 
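Review bot: `addclosest` and `getclosest` are inserted in the middle of `struct dns_rdatasetmethods` (the -78,8 hunk), ahead of `getadditional`, so every member after `getnoqname` moves down two slots. A method table that is initialised positionally and was not updated together with this header ends up with `getadditional` and the functions after it in the wrong slots, and those calls then go through pointers of a mismatched type. The tables themselves are outside this diff, which is limited to the include directory, so please confirm that each one gained the two entries. The struct begins and ends outside the hunk.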
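Review bot: The new `resign` member of `struct dns_rdataset` (the -140,6 hunk) is documented as valid only when `DNS_RDATASETATTR_RESIGN` is set, but the comment does not say what the field holds otherwise. Code that reads it without testing the attribute would get whatever the initialiser left there, and the initialiser is not part of this diff. I would have the initialiser set it to 0 and extend the comment with `* Zero when the attribute is clear; always test the attribute before use.` so the contract is stated where the field is declared.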
@@ -411,7 +427,7 @@ dns_rdataset_towiresorted(dns_rdataset_t *rdataset, unsigned int *countp); /*%< * Like dns_rdataset_towire(), but sorting the rdatasets according to - * the integer value returned by 'order' when called witih the rdataset + * the integer value returned by 'order' when called with the rdataset * and 'order_arg' as arguments. * * Requires: @@ -477,14 +493,14 @@ dns_rdataset_additionaldata(dns_rdataset_t *rdataset, isc_result_t dns_rdataset_getnoqname(dns_rdataset_t *rdataset, dns_name_t *name, - dns_rdataset_t *nsec, dns_rdataset_t *nsecsig); + dns_rdataset_t *neg, dns_rdataset_t *negsig); /*%< * Return the noqname proof for this record. * * Requires: *\li 'rdataset' to be valid and #DNS_RDATASETATTR_NOQNAME to be set. *\li 'name' to be valid. - *\li 'nsec' and 'nsecsig' to be valid and not associated. + *\li 'neg' and 'negsig' to be valid and not associated. */ isc_result_t 
@@ -493,11 +509,37 @@ dns_rdataset_addnoqname(dns_rdataset_t *rdataset, dns_name_t *name); * Associate a noqname proof with this record. * Sets #DNS_RDATASETATTR_NOQNAME if successful. * Adjusts the 'rdataset->ttl' to minimum of the 'rdataset->ttl' and - * the 'nsec' and 'rrsig(nsec)' ttl. + * the 'nsec'/'nsec3' and 'rrsig(nsec)'/'rrsig(nsec3)' ttl. * * Requires: *\li 'rdataset' to be valid and #DNS_RDATASETATTR_NOQNAME to be set. - *\li 'name' to be valid and have NSEC and RRSIG(NSEC) rdatasets. + *\li 'name' to be valid and have NSEC or NSEC3 and associated RRSIG + * rdatasets. + */ + +isc_result_t +dns_rdataset_getclosest(dns_rdataset_t *rdataset, dns_name_t *name, + dns_rdataset_t *nsec, dns_rdataset_t *nsecsig); +/*%< + * Return the closest encloser for this record. + * + * Requires: + *\li 'rdataset' to be valid and #DNS_RDATASETATTR_CLOSEST to be set. + *\li 'name' to be valid. + *\li 'nsec' and 'nsecsig' to be valid and not associated. + */ + +isc_result_t +dns_rdataset_addclosest(dns_rdataset_t *rdataset, dns_name_t *name); +/*%< + * Associate a closest encloset proof with this record. + * Sets #DNS_RDATASETATTR_CLOSEST if successful. + * Adjusts the 'rdataset->ttl' to minimum of the 'rdataset->ttl' and + * the 'nsec' and 'rrsig(nsec)' ttl. + * + * Requires: + *\li 'rdataset' to be valid and #DNS_RDATASETATTR_CLOSEST to be set. + *\li 'name' to be valid and have NSEC3 and RRSIG(NSEC3) rdatasets. */ isc_result_t diff --git a/contrib/bind9/lib/dns/include/dns/rdatasetiter.h b/contrib/bind9/lib/dns/include/dns/rdatasetiter.h index b2e13f8..dcde367 100644 --- a/contrib/bind9/lib/dns/include/dns/rdatasetiter.h +++ b/contrib/bind9/lib/dns/include/dns/rdatasetiter.h 
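Review bot: The comments on the two closest-encloser functions added in this hunk are inconsistent with the code around them. `dns_rdataset_addclosest()` is said to set `#DNS_RDATASETATTR_CLOSEST` on success while its Requires list demands that the attribute already be set, and it describes the TTL clamp in terms of 'nsec' and 'rrsig(nsec)' although it requires NSEC3 rdatasets; "encloset" is a typo. `dns_rdataset_getclosest()` names its parameters `nsec`/`nsecsig`, whereas the method table and `dns_rdataset_getnoqname()` use `neg`/`negsig` after this same commit. Suggested: `dns_rdataset_t *neg, dns_rdataset_t *negsig`, `Associate a closest encloser proof with this record.`, and `the 'nsec3' and 'rrsig(nsec3)' ttl.` Whether the attribute really has to be pre-set cannot be seen from the header and should be checked against the implementation.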
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdatasetiter.h,v 1.15.18.2 2005/04/29 00:16:19 marka Exp $ */ +/* $Id: rdatasetiter.h,v 1.21 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_RDATASETITER_H #define DNS_RDATASETITER_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/rdatasetiter.h * \brief * The DNS Rdataset Iterator interface allows iteration of all of the * rdatasets at a node. diff --git a/contrib/bind9/lib/dns/include/dns/rdataslab.h b/contrib/bind9/lib/dns/include/dns/rdataslab.h index b693a71..3ac44b8 100644 --- a/contrib/bind9/lib/dns/include/dns/rdataslab.h +++ b/contrib/bind9/lib/dns/include/dns/rdataslab.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * 
@@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataslab.h,v 1.25.18.2 2005/04/29 00:16:19 marka Exp $ */ +/* $Id: rdataslab.h,v 1.33 2008/04/01 23:47:10 tbox Exp $ */ #ifndef DNS_RDATASLAB_H #define DNS_RDATASLAB_H 1 -/*! \file +/*! \file dns/rdataslab.h * \brief * Implements storage of rdatasets into slabs of memory. * @@ -57,6 +57,13 @@ ISC_LANG_BEGINDECLS #define DNS_RDATASLAB_FORCE 0x1 #define DNS_RDATASLAB_EXACT 0x2 +#define DNS_RDATASLAB_OFFLINE 0x01 /* RRSIG is for offline DNSKEY */ +#define DNS_RDATASLAB_WARNMASK 0x0E /*%< RRSIG(DNSKEY) expired + * warnings number mask. */ +#define DNS_RDATASLAB_WARNSHIFT 1 /*%< How many bits to shift to find + * remaining expired warning number. */ + + /*** *** Functions ***/ @@ -146,10 +153,10 @@ dns_rdataslab_equal(unsigned char *slab1, unsigned char *slab2, */ isc_boolean_t dns_rdataslab_equalx(unsigned char *slab1, unsigned char *slab2, - unsigned int reservelen, dns_rdataclass_t rdclass, + unsigned int reservelen, dns_rdataclass_t rdclass, dns_rdatatype_t type); /*%< - * Compare two rdataslabs for DNSSEC equality. + * Compare two rdataslabs for DNSSEC equality. * * Requires: *\li 'slab1' and 'slab2' point to slabs. diff --git a/contrib/bind9/lib/dns/include/dns/rdatatype.h b/contrib/bind9/lib/dns/include/dns/rdatatype.h index 40a884d..ba9a92c 100644 --- a/contrib/bind9/lib/dns/include/dns/rdatatype.h +++ b/contrib/bind9/lib/dns/include/dns/rdatatype.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * 
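Review bot: The three macros added in the -57,6 hunk of rdataslab.h reuse the `DNS_RDATASLAB_` prefix and the bit values of the existing `DNS_RDATASLAB_FORCE` (0x1) and `DNS_RDATASLAB_EXACT` (0x2): `DNS_RDATASLAB_OFFLINE` is 0x01 and `DNS_RDATASLAB_WARNMASK` (0x0E) covers 0x2. Presumably the new ones describe a flag byte stored with each record and the old ones are function flags, but nothing in the header says so, and using one set where the other is expected compiles without a diagnostic. A separating comment such as `/* Per-rdata flags stored in the slab; not valid as the 'flags' argument of the slab functions. */` would make the two namespaces explicit, with the wording checked against the implementation. The first new comment also uses `/*` where the other two use `/*%<`.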
@@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdatatype.h,v 1.18.18.2 2005/04/29 00:16:20 marka Exp $ */ +/* $Id: rdatatype.h,v 1.26 2008/09/25 04:02:39 tbox Exp $ */ #ifndef DNS_RDATATYPE_H #define DNS_RDATATYPE_H 1 -/*! \file */ +/*! \file dns/rdatatype.h */ #include <isc/lang.h> @@ -71,7 +71,8 @@ dns_rdatatype_format(dns_rdatatype_t rdtype, * The resulting string is guaranteed to be null-terminated. */ -#define DNS_RDATATYPE_FORMATSIZE sizeof("TYPE65535") +#define DNS_RDATATYPE_FORMATSIZE sizeof("NSEC3PARAM") + /*%< * Minimum size of array to pass to dns_rdatatype_format(). * May need to be adjusted if a new RR type with a very long diff --git a/contrib/bind9/lib/dns/include/dns/request.h b/contrib/bind9/lib/dns/include/dns/request.h index b858a9e..62a83ca 100644 --- a/contrib/bind9/lib/dns/include/dns/request.h +++ b/contrib/bind9/lib/dns/include/dns/request.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: request.h,v 1.21.18.2 2005/04/29 00:16:20 marka Exp $ */ +/* $Id: request.h,v 1.27.332.2 2009/01/18 23:47:41 tbox Exp $ */ #ifndef DNS_REQUEST_H #define DNS_REQUEST_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/request.h * * \brief * The request module provides simple request/response services useful for 
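Review bot: `DNS_RDATATYPE_FORMATSIZE` in the -71,7 hunk of rdatatype.h becomes `sizeof("NSEC3PARAM")` (11 bytes) instead of `sizeof("TYPE65535")` (10), so the bound now depends on NSEC3PARAM remaining the longest mnemonic and staying longer than the generic TYPEnnnnn form. Callers that size their buffer with the macro are unaffected, and the comment above says the output is always null-terminated, so the failure mode is truncation rather than overflow. A caller with a hard-coded size would now emit a cut-off type name, though. I would record the dependency in the comment: `* Currently sizeof("NSEC3PARAM"), the longest mnemonic; must also be >= sizeof("TYPE65535").`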
@@ -49,7 +49,7 @@ #define DNS_REQUESTOPT_TCP 0x00000001U typedef struct dns_requestevent { - ISC_EVENT_COMMON(struct dns_requestevent); + ISC_EVENT_COMMON(struct dns_requestevent); isc_result_t result; dns_request_t *request; } dns_requestevent_t; @@ -217,7 +217,7 @@ dns_request_createvia3(dns_requestmgr_t *requestmgr, dns_message_t *message, unsigned int udpretries, isc_task_t *task, isc_taskaction_t action, void *arg, dns_request_t **requestp); -/*%< +/*%< * Create and send a request. * * Notes: @@ -271,7 +271,7 @@ dns_request_createraw3(dns_requestmgr_t *requestmgr, isc_buffer_t *msgbuf, unsigned int udptimeout, unsigned int udpretries, isc_task_t *task, isc_taskaction_t action, void *arg, dns_request_t **requestp); -/*!< +/*!< * \brief Create and send a request. * * Notes: @@ -280,7 +280,7 @@ dns_request_createraw3(dns_requestmgr_t *requestmgr, isc_buffer_t *msgbuf, * #DNS_REQUESTOPT_TCP option is set, TCP will be used. The request * will timeout after 'timeout' seconds. UDP requests will be resent * at 'udptimeout' intervals if non-zero or if 'udpretries' is not zero. - * + * *\li When the request completes, successfully, due to a timeout, or * because it was canceled, a completion event will be sent to 'task'. * @@ -344,7 +344,7 @@ dns_request_usedtcp(dns_request_t *request); /*%< * Return whether this query used TCP or not. Setting #DNS_REQUESTOPT_TCP * in the call to dns_request_create() will cause the function to return - * #ISC_TRUE, othewise the result is based on the query message size. + * #ISC_TRUE, otherwise the result is based on the query message size. * * Requires: *\li 'request' is a valid request. diff --git a/contrib/bind9/lib/dns/include/dns/resolver.h b/contrib/bind9/lib/dns/include/dns/resolver.h index 4e0e6a0..fa837c1 100644 --- a/contrib/bind9/lib/dns/include/dns/resolver.h +++ b/contrib/bind9/lib/dns/include/dns/resolver.h 
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.h,v 1.40.18.11 2006/02/01 22:39:17 marka Exp $ */ +/* $Id: resolver.h,v 1.60.56.3 2009/01/29 22:40:35 jinmei Exp $ */ #ifndef DNS_RESOLVER_H #define DNS_RESOLVER_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/resolver.h * * \brief * This is the BIND 9 resolver, the module responsible for resolving DNS 
@@ -93,13 +93,29 @@ typedef struct dns_fetchevent { #define DNS_FETCHOPT_FORWARDONLY 0x10 /*%< Only use forwarders. */ #define DNS_FETCHOPT_NOVALIDATE 0x20 /*%< Disable validation. */ #define DNS_FETCHOPT_EDNS512 0x40 /*%< Advertise a 512 byte - UDP buffer. */ + UDP buffer. */ +#define DNS_FETCHOPT_WANTNSID 0x80 /*%< Request NSID */ #define DNS_FETCHOPT_EDNSVERSIONSET 0x00800000 #define DNS_FETCHOPT_EDNSVERSIONMASK 0xff000000 #define DNS_FETCHOPT_EDNSVERSIONSHIFT 24 /* + * Upper bounds of class of query RTT (ms). Corresponds to + * dns_resstatscounter_queryrttX statistics counters. + */ +#define DNS_RESOLVER_QRYRTTCLASS0 10 +#define DNS_RESOLVER_QRYRTTCLASS0STR "10" +#define DNS_RESOLVER_QRYRTTCLASS1 100 +#define DNS_RESOLVER_QRYRTTCLASS1STR "100" +#define DNS_RESOLVER_QRYRTTCLASS2 500 +#define DNS_RESOLVER_QRYRTTCLASS2STR "500" +#define DNS_RESOLVER_QRYRTTCLASS3 800 +#define DNS_RESOLVER_QRYRTTCLASS3STR "800" +#define DNS_RESOLVER_QRYRTTCLASS4 1600 +#define DNS_RESOLVER_QRYRTTCLASS4STR "1600" + +/* * XXXRTH Should this API be made semi-private? (I.e. * _dns_resolver_create()). */ @@ -126,8 +142,6 @@ dns_resolver_create(dns_view_t *view, *\li Generally, applications should not create a resolver directly, but * should instead call dns_view_createresolver(). * - *\li No options are currently defined. - * * Requires: * *\li 'view' is a valid view. 
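Review bot: Each RTT bound in the -93,13 hunk of resolver.h is defined twice, once as a number (`DNS_RESOLVER_QRYRTTCLASS0 10`) and once as a string (`DNS_RESOLVER_QRYRTTCLASS0STR "10"`), with nothing tying the two together. If one is edited without the other, the bucket boundary and whatever text is built from the string disagree without any diagnostic. Deriving the string from the number removes the duplication: `#define DNS_RESOLVER_STR_(x) #x`, `#define DNS_RESOLVER_STR(x) DNS_RESOLVER_STR_(x)`, `#define DNS_RESOLVER_QRYRTTCLASS0STR DNS_RESOLVER_STR(DNS_RESOLVER_QRYRTTCLASS0)`, and likewise for classes 1 to 4. The helper macro names are only a proposal.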
@@ -348,6 +362,23 @@ dns_resolver_destroyfetch(dns_fetch_t **fetchp); *\li *fetchp == NULL. */ +void +dns_resolver_logfetch(dns_fetch_t *fetch, isc_log_t *lctx, + isc_logcategory_t *category, isc_logmodule_t *module, + int level, isc_boolean_t duplicateok); +/*%< + * Dump a log message on internal state at the completion of given 'fetch'. + * 'lctx', 'category', 'module', and 'level' are used to write the log message. + * By default, only one log message is written even if the corresponding fetch + * context serves multiple clients; if 'duplicateok' is true the suppression + * is disabled and the message can be written every time this function is + * called. + * + * Requires: + * + *\li 'fetch' is a valid fetch, and has completed. + */ + dns_dispatchmgr_t * dns_resolver_dispatchmgr(dns_resolver_t *resolver); @@ -470,10 +501,13 @@ dns_resolver_getclientsperquery(dns_resolver_t *resolver, isc_uint32_t *cur, isc_boolean_t dns_resolver_getzeronosoattl(dns_resolver_t *resolver); - + void dns_resolver_setzeronosoattl(dns_resolver_t *resolver, isc_boolean_t state); +unsigned int +dns_resolver_getoptions(dns_resolver_t *resolver); + ISC_LANG_ENDDECLS #endif /* DNS_RESOLVER_H */ diff --git a/contrib/bind9/lib/dns/include/dns/result.h b/contrib/bind9/lib/dns/include/dns/result.h index db5481b..ed29bcd 100644 --- a/contrib/bind9/lib/dns/include/dns/result.h +++ b/contrib/bind9/lib/dns/include/dns/result.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * 
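Review bot: `dns_resolver_getoptions()` at the end of the -470,10 hunk is added with no comment at all, and the same commit drops "No options are currently defined." from the `dns_resolver_create()` documentation without saying which options now exist. A reader of the header cannot tell which bits the returned value carries or where they are defined. I would add a `/*%<` block stating that the function returns the options value the resolver was created with, plus `Requires: 'resolver' is a valid resolver.` That behaviour is inferred from the name, since the implementation is not in this diff.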
@@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: result.h,v 1.104.10.6 2005/06/17 02:04:32 marka Exp $ */ +/* $Id: result.h,v 1.116 2008/09/25 04:02:39 tbox Exp $ */ #ifndef DNS_RESULT_H #define DNS_RESULT_H 1 -/*! \file */ +/*! \file dns/result.h */ #include <isc/lang.h> #include <isc/resultclass.h> @@ -147,8 +147,9 @@ #define DNS_R_COVERINGNSEC (ISC_RESULTCLASS_DNS + 101) #define DNS_R_MXISADDRESS (ISC_RESULTCLASS_DNS + 102) #define DNS_R_DUPLICATE (ISC_RESULTCLASS_DNS + 103) +#define DNS_R_INVALIDNSEC3 (ISC_RESULTCLASS_DNS + 104) -#define DNS_R_NRESULTS 104 /*%< Number of results */ +#define DNS_R_NRESULTS 105 /*%< Number of results */ /* * DNS wire format rcodes. diff --git a/contrib/bind9/lib/dns/include/dns/rootns.h b/contrib/bind9/lib/dns/include/dns/rootns.h index a3ddc48..6da3f79 100644 --- a/contrib/bind9/lib/dns/include/dns/rootns.h +++ b/contrib/bind9/lib/dns/include/dns/rootns.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rootns.h,v 1.9.18.3 2005/04/27 05:01:38 sra Exp $ */ +/* $Id: rootns.h,v 1.16 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_ROOTNS_H #define DNS_ROOTNS_H 1 -/*! \file */ +/*! \file dns/rootns.h */ #include <isc/lang.h> diff --git a/contrib/bind9/lib/dns/include/dns/sdb.h b/contrib/bind9/lib/dns/include/dns/sdb.h index de849f9..c850028 100644 --- a/contrib/bind9/lib/dns/include/dns/sdb.h +++ b/contrib/bind9/lib/dns/include/dns/sdb.h 
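Review bot: `DNS_R_INVALIDNSEC3` is added as `ISC_RESULTCLASS_DNS + 104` and `DNS_R_NRESULTS` is raised to 105 by hand in the -147,8 hunk of result.h. The table that maps these codes to message text lives outside this diff, which is limited to the include directory. If that table did not gain a matching entry, converting the new code to text yields a missing or wrong string. Please confirm the table was extended in the same commit. A compile-time check next to the table that it holds exactly `DNS_R_NRESULTS` entries would catch the next mismatch.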
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sdb.h,v 1.15.18.2 2005/04/29 00:16:21 marka Exp $ */ +/* $Id: sdb.h,v 1.21.332.2 2009/01/18 23:47:41 tbox Exp $ */ #ifndef DNS_SDB_H #define DNS_SDB_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/sdb.h * \brief * Simple database API. */ @@ -127,12 +127,12 @@ dns_sdb_register(const char *drivername, const dns_sdbmethods_t *methods, * The allnodes function, if non-NULL, fills in an opaque structure to be * used by a database iterator. This allows the zone to be transferred. * This may use a considerable amount of memory for large zones, and the - * zone transfer may not be fully RFC1035 compliant if the zone is + * zone transfer may not be fully RFC1035 compliant if the zone is * frequently changed. * * The create function will be called for each zone configured * into the name server using this database type. It can be used - * to create a "database object" containg zone specific data, + * to create a "database object" containing zone specific data, * which can make use of the database arguments specified in the * name server configuration. * diff --git a/contrib/bind9/lib/dns/include/dns/sdlz.h b/contrib/bind9/lib/dns/include/dns/sdlz.h index 13ba14a..acb0437 100644 --- a/contrib/bind9/lib/dns/include/dns/sdlz.h +++ b/contrib/bind9/lib/dns/include/dns/sdlz.h 
@@ -1,8 +1,8 @@ /* - * Portions Copyright (C) 2005 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2005-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -50,9 +50,9 @@ * USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sdlz.h,v 1.2.2.2 2005/09/06 03:47:19 marka Exp $ */ +/* $Id: sdlz.h,v 1.7.332.2 2009/01/18 23:47:41 tbox Exp $ */ -/*! \file */ +/*! \file dns/sdlz.h */ #ifndef SDLZ_H #define SDLZ_H 1 @@ -148,7 +148,7 @@ typedef void /*%< * Method prototype. Drivers implementing the SDLZ interface may * supply a destroy method. This method is called when the DNS server - * is shuting down and no longer needs the driver. A SDLZ driver does + * is shutting down and no longer needs the driver. A SDLZ driver does * not have to implement a destroy method. */ @@ -173,7 +173,7 @@ typedef isc_result_t * \li 3) we run out of domain name labels. I.E. we have tried the * shortest domain name * - * \li 4) the number of labels in the domain name is less than min_lables + * \li 4) the number of labels in the domain name is less than min_labels * for dns_dlzfindzone * * The driver's find zone method should return ISC_R_SUCCESS if the diff --git a/contrib/bind9/lib/dns/include/dns/secalg.h b/contrib/bind9/lib/dns/include/dns/secalg.h index 0466d91..2e4fe3e 100644 --- a/contrib/bind9/lib/dns/include/dns/secalg.h +++ b/contrib/bind9/lib/dns/include/dns/secalg.h 
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: secalg.h,v 1.13.18.2 2005/04/29 00:16:21 marka Exp $ */ +/* $Id: secalg.h,v 1.19 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_SECALG_H #define DNS_SECALG_H 1 -/*! \file */ +/*! \file dns/secalg.h */ #include <isc/lang.h> diff --git a/contrib/bind9/lib/dns/include/dns/secproto.h b/contrib/bind9/lib/dns/include/dns/secproto.h index a6cfd5c..b9179c0 100644 --- a/contrib/bind9/lib/dns/include/dns/secproto.h +++ b/contrib/bind9/lib/dns/include/dns/secproto.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: secproto.h,v 1.10.18.2 2005/04/29 00:16:21 marka Exp $ */ +/* $Id: secproto.h,v 1.16 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_SECPROTO_H #define DNS_SECPROTO_H 1 -/*! \file */ +/*! \file dns/secproto.h */ #include <isc/lang.h> diff --git a/contrib/bind9/lib/dns/include/dns/soa.h b/contrib/bind9/lib/dns/include/dns/soa.h index 70c6725..bb56365 100644 
--- a/contrib/bind9/lib/dns/include/dns/soa.h +++ b/contrib/bind9/lib/dns/include/dns/soa.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: soa.h,v 1.3.18.2 2005/04/29 00:16:22 marka Exp $ */ +/* $Id: soa.h,v 1.9 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_SOA_H #define DNS_SOA_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/soa.h * \brief * SOA utilities. */ diff --git a/contrib/bind9/lib/dns/include/dns/ssu.h b/contrib/bind9/lib/dns/include/dns/ssu.h index b709030..f013bd0 100644 --- a/contrib/bind9/lib/dns/include/dns/ssu.h +++ b/contrib/bind9/lib/dns/include/dns/ssu.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ssu.h,v 1.13.18.4 2006/02/16 23:51:32 marka Exp $ */ +/* $Id: ssu.h,v 1.24 2008/01/18 23:46:58 tbox Exp $ */ #ifndef DNS_SSU_H #define DNS_SSU_H 1 -/*! \file */ +/*! \file dns/ssu.h */ #include <isc/lang.h> 
@@ -28,14 +28,19 @@ ISC_LANG_BEGINDECLS -#define DNS_SSUMATCHTYPE_NAME 0 -#define DNS_SSUMATCHTYPE_SUBDOMAIN 1 -#define DNS_SSUMATCHTYPE_WILDCARD 2 -#define DNS_SSUMATCHTYPE_SELF 3 -#define DNS_SSUMATCHTYPE_SELFSUB 4 -#define DNS_SSUMATCHTYPE_SELFWILD 5 -#define DNS_SSUMATCHTYPE_MAX 5 /* maximum defined value */ - +#define DNS_SSUMATCHTYPE_NAME 0 +#define DNS_SSUMATCHTYPE_SUBDOMAIN 1 +#define DNS_SSUMATCHTYPE_WILDCARD 2 +#define DNS_SSUMATCHTYPE_SELF 3 +#define DNS_SSUMATCHTYPE_SELFSUB 4 +#define DNS_SSUMATCHTYPE_SELFWILD 5 +#define DNS_SSUMATCHTYPE_SELFKRB5 6 +#define DNS_SSUMATCHTYPE_SELFMS 7 +#define DNS_SSUMATCHTYPE_SUBDOMAINMS 8 +#define DNS_SSUMATCHTYPE_SUBDOMAINKRB5 9 +#define DNS_SSUMATCHTYPE_TCPSELF 10 +#define DNS_SSUMATCHTYPE_6TO4SELF 11 +#define DNS_SSUMATCHTYPE_MAX 11 /* max value */ isc_result_t dns_ssutable_create(isc_mem_t *mctx, dns_ssutable_t **table); @@ -91,8 +96,8 @@ dns_ssutable_addrule(dns_ssutable_t *table, isc_boolean_t grant, * at that name. * * Notes: - *\li If 'matchtype' is SELF, this rule only matches if the name - * to be updated matches the signing identity. + *\li If 'matchtype' is of SELF type, this rule only matches if the + * name to be updated matches the signing identity. * *\li If 'ntypes' is 0, this rule applies to all types except * NS, SOA, RRSIG, and NSEC. 
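Review bot: The reworded note in the dns_ssutable_addrule() comment, "If 'matchtype' is of SELF type", does not say which match types it covers now that the define list in the first hunk also has SELFKRB5, SELFMS, TCPSELF and 6TO4SELF. The dns_ssutable_checkrules() comment later in this file says 'tcpaddr' is used to validate TCPSELF and 6TO4SELF rules, so "matches the signing identity" presumably does not describe those two. Since these values select the authorization rule applied to a dynamic update, I would give each new define a short trailing comment, e.g. `#define DNS_SSUMATCHTYPE_TCPSELF 10 /* validated against 'tcpaddr' */`, and name the covered types in the note instead of "of SELF type". The comment block for dns_ssutable_addrule() starts and ends outside the hunk.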
@@ -114,16 +119,35 @@ dns_ssutable_addrule(dns_ssutable_t *table, isc_boolean_t grant, isc_boolean_t dns_ssutable_checkrules(dns_ssutable_t *table, dns_name_t *signer, - dns_name_t *name, dns_rdatatype_t type); + dns_name_t *name, isc_netaddr_t *tcpaddr, + dns_rdatatype_t type); /*%< * Checks that the attempted update of (name, type) is allowed according * to the rules specified in the simple-secure-update rule table. If - * no rules are matched, access is denied. If signer is NULL, access - * is denied. + * no rules are matched, access is denied. + * + * Notes: + * 'tcpaddr' should only be set if the request received + * via TCP. This provides a weak assurance that the + * request was not spoofed. 'tcpaddr' is to to validate + * DNS_SSUMATCHTYPE_TCPSELF and DNS_SSUMATCHTYPE_6TO4SELF + * rules. + * + * For DNS_SSUMATCHTYPE_TCPSELF the addresses are mapped to + * the standard reverse names under IN-ADDR.ARPA and IP6.ARPA. + * RFC 1035, Section 3.5, "IN-ADDR.ARPA domain" and RFC 3596, + * Section 2.5, "IP6.ARPA Domain". + * + * For DNS_SSUMATCHTYPE_6TO4SELF, IPv4 address are converted + * to a 6to4 prefix (48 bits) per the rules in RFC 3056. Only + * the top 48 bits of the IPv6 address are mapped to the reverse + * name. This is independent of whether the most significant 16 + * bits match 2002::/16, assigned for 6to4 prefixes, or not. * * Requires: *\li 'table' is a valid SSU table *\li 'signer' is NULL or a valid absolute name + *\li 'tcpaddr' is NULL or a valid network address. *\li 'name' is a valid absolute name */ diff --git a/contrib/bind9/lib/dns/include/dns/stats.h b/contrib/bind9/lib/dns/include/dns/stats.h index 6cd95ac..0b35aa8 100644 --- a/contrib/bind9/lib/dns/include/dns/stats.h +++ b/contrib/bind9/lib/dns/include/dns/stats.h 
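Review bot: The rewritten dns_ssutable_checkrules() comment drops the sentence "If signer is NULL, access is denied", yet the Requires list still allows 'signer' to be NULL, so the header no longer states what an unsigned update can match. This function is the authorization decision for updates, so the comment should say explicitly whether TCPSELF and 6TO4SELF are the only rule types that can grant when 'signer' is NULL; that cannot be confirmed from the header alone. The Notes paragraph also has two slips worth fixing in the same pass: `if the request was received via TCP` and `'tcpaddr' is used to validate`. Callers are not visible in this diff; each one has to pass NULL for 'tcpaddr' on non-TCP requests, otherwise the "weak assurance" the comment relies on does not hold.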
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * 
@@ -15,19 +15,77 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: stats.h,v 1.5.18.4 2005/06/27 00:20:03 marka Exp $ */ +/* $Id: stats.h,v 1.18.56.2 2009/01/29 23:47:44 tbox Exp $ */ #ifndef DNS_STATS_H #define DNS_STATS_H 1 -/*! \file */ +/*! \file dns/stats.h */ #include <dns/types.h> /*% - * Query statistics counter types. + * Statistics counters. Used as isc_statscounter_t values. */ -typedef enum { +enum { + /*% + * Resolver statistics counters. + */ + dns_resstatscounter_queryv4 = 0, + dns_resstatscounter_queryv6 = 1, + dns_resstatscounter_responsev4 = 2, + dns_resstatscounter_responsev6 = 3, + dns_resstatscounter_nxdomain = 4, + dns_resstatscounter_servfail = 5, + dns_resstatscounter_formerr = 6, + dns_resstatscounter_othererror = 7, + dns_resstatscounter_edns0fail = 8, + dns_resstatscounter_mismatch = 9, + dns_resstatscounter_truncated = 10, + dns_resstatscounter_lame = 11, + dns_resstatscounter_retry = 12, + dns_resstatscounter_gluefetchv4 = 13, + dns_resstatscounter_gluefetchv6 = 14, + dns_resstatscounter_gluefetchv4fail = 15, + dns_resstatscounter_gluefetchv6fail = 16, + dns_resstatscounter_val = 17, + dns_resstatscounter_valsuccess = 18, + dns_resstatscounter_valnegsuccess = 19, + dns_resstatscounter_valfail = 20, + dns_resstatscounter_dispabort = 21, + dns_resstatscounter_dispsockfail = 22, + dns_resstatscounter_querytimeout = 23, + dns_resstatscounter_queryrtt0 = 24, + dns_resstatscounter_queryrtt1 = 25, + dns_resstatscounter_queryrtt2 = 26, + dns_resstatscounter_queryrtt3 = 27, + dns_resstatscounter_queryrtt4 = 28, + dns_resstatscounter_queryrtt5 = 29, + + dns_resstatscounter_max = 30, + + /*% + * Zone statistics counters. 
+ */ + dns_zonestatscounter_notifyoutv4 = 0, + dns_zonestatscounter_notifyoutv6 = 1, + dns_zonestatscounter_notifyinv4 = 2, + dns_zonestatscounter_notifyinv6 = 3, + dns_zonestatscounter_notifyrej = 4, + dns_zonestatscounter_soaoutv4 = 5, + dns_zonestatscounter_soaoutv6 = 6, + dns_zonestatscounter_axfrreqv4 = 7, + dns_zonestatscounter_axfrreqv6 = 8, + dns_zonestatscounter_ixfrreqv4 = 9, + dns_zonestatscounter_ixfrreqv6 = 10, + dns_zonestatscounter_xfrsuccess = 11, + dns_zonestatscounter_xfrfail = 12, + + dns_zonestatscounter_max = 13, + + /*% + * Query statistics counters (obsolete). + */ dns_statscounter_success = 0, /*%< Successful lookup */ dns_statscounter_referral = 1, /*%< Referral result */ dns_statscounter_nxrrset = 2, /*%< NXRRSET result */ 
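Review bot: Folding the resolver, zone and obsolete query counters into one anonymous `enum {` removes the `dns_statscounter_t` typedef, and all three groups restart at 0, so nothing at compile time distinguishes a `dns_zonestatscounter_*` value from a `dns_resstatscounter_*` one. dns_generalstats_increment(), declared later in this header, only requires the counter to be below the size given at creation, so a resolver counter (up to 29) used on a set created with dns_zonestatscounter_max (13) would be out of contract without any diagnostic. A comment on each group naming the size the matching set must be created with would make this checkable in review, e.g. `/* for sets created with ncounters == dns_zonestatscounter_max */`. Code outside this diff that still names `dns_statscounter_t` would presumably stop compiling; the enum body continues into the next hunk.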
@@ -35,18 +93,261 @@ typedef enum { dns_statscounter_recursion = 4, /*%< Recursion was used */ dns_statscounter_failure = 5, /*%< Some other failure */ dns_statscounter_duplicate = 6, /*%< Duplicate query */ - dns_statscounter_dropped = 7 /*%< Duplicate query */ -} dns_statscounter_t; + dns_statscounter_dropped = 7 /*%< Duplicate query (dropped) */ +}; #define DNS_STATS_NCOUNTERS 8 +#if 0 +/*%< + * Flag(s) for dns_xxxstats_dump(). DNS_STATSDUMP_VERBOSE is obsolete. + * ISC_STATSDUMP_VERBOSE should be used instead. These two values are + * intentionally defined to be the same value to ensure binary compatibility. + */ +#define DNS_STATSDUMP_VERBOSE 0x00000001 /*%< dump 0-value counters */ +#endif + +/*%< + * (Obsoleted) + */ LIBDNS_EXTERNAL_DATA extern const char *dns_statscounter_names[]; +/*% + * Attributes for statistics counters of RRset and Rdatatype types. + * + * _OTHERTYPE + * The rdata type is not explicitly supported and the corresponding counter + * is counted for other such types, too. When this attribute is set, + * the base type is of no use. + * + * _NXRRSET + * RRset type counters only. Indicates the RRset is non existent. + * + * _NXDOMAIN + * RRset type counters only. Indicates a non existent name. When this + * attribute is set, the base type is of no use. + */ +#define DNS_RDATASTATSTYPE_ATTR_OTHERTYPE 0x0001 +#define DNS_RDATASTATSTYPE_ATTR_NXRRSET 0x0002 +#define DNS_RDATASTATSTYPE_ATTR_NXDOMAIN 0x0004 + +/*%< + * Conversion macros among dns_rdatatype_t, attributes and isc_statscounter_t. + */ +#define DNS_RDATASTATSTYPE_BASE(type) ((dns_rdatatype_t)((type) & 0xFFFF)) +#define DNS_RDATASTATSTYPE_ATTR(type) ((type) >> 16) +#define DNS_RDATASTATSTYPE_VALUE(b, a) (((a) << 16) | (b)) + +/*%< + * Types of dump callbacks. 
+ */ +typedef void (*dns_generalstats_dumper_t)(isc_statscounter_t, isc_uint64_t, + void *); +typedef void (*dns_rdatatypestats_dumper_t)(dns_rdatastatstype_t, isc_uint64_t, + void *); +typedef void (*dns_opcodestats_dumper_t)(dns_opcode_t, isc_uint64_t, void *); + +isc_result_t +dns_generalstats_create(isc_mem_t *mctx, dns_stats_t **statsp, int ncounters); +/*%< + * Create a statistics counter structure of general type. It counts a general + * set of counters indexed by an ID between 0 and ncounters -1. + * This function is obsolete. A more general function, isc_stats_create(), + * should be used. + * + * Requires: + *\li 'mctx' must be a valid memory context. + * + *\li 'statsp' != NULL && '*statsp' == NULL. + * + * Returns: + *\li ISC_R_SUCCESS -- all ok + * + *\li anything else -- failure + */ + +isc_result_t +dns_rdatatypestats_create(isc_mem_t *mctx, dns_stats_t **statsp); +/*%< + * Create a statistics counter structure per rdatatype. + * + * Requires: + *\li 'mctx' must be a valid memory context. + * + *\li 'statsp' != NULL && '*statsp' == NULL. + * + * Returns: + *\li ISC_R_SUCCESS -- all ok + * + *\li anything else -- failure + */ + +isc_result_t +dns_rdatasetstats_create(isc_mem_t *mctx, dns_stats_t **statsp); +/*%< + * Create a statistics counter structure per RRset. + * + * Requires: + *\li 'mctx' must be a valid memory context. + * + *\li 'statsp' != NULL && '*statsp' == NULL. + * + * Returns: + *\li ISC_R_SUCCESS -- all ok + * + *\li anything else -- failure + */ + +isc_result_t +dns_opcodestats_create(isc_mem_t *mctx, dns_stats_t **statsp); +/*%< + * Create a statistics counter structure per opcode. + * + * Requires: + *\li 'mctx' must be a valid memory context. + * + *\li 'statsp' != NULL && '*statsp' == NULL. + * + * Returns: + *\li ISC_R_SUCCESS -- all ok + * + *\li anything else -- failure + */ + +void +dns_stats_attach(dns_stats_t *stats, dns_stats_t **statsp); +/*%< + * Attach to a statistics set. 
+ * + * Requires: + *\li 'stats' is a valid dns_stats_t. + * + *\li 'statsp' != NULL && '*statsp' == NULL + */ + +void +dns_stats_detach(dns_stats_t **statsp); +/*%< + * Detaches from the statistics set. + * + * Requires: + *\li 'statsp' != NULL and '*statsp' is a valid dns_stats_t. + */ + +void +dns_generalstats_increment(dns_stats_t *stats, isc_statscounter_t counter); +/*%< + * Increment the counter-th counter of stats. This function is obsolete. + * A more general function, isc_stats_increment(), should be used. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_generalstats_create(). + * + *\li counter is less than the maximum available ID for the stats specified + * on creation. + */ + +void +dns_rdatatypestats_increment(dns_stats_t *stats, dns_rdatatype_t type); +/*%< + * Increment the statistics counter for 'type'. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_rdatatypestats_create(). + */ + +void +dns_rdatasetstats_increment(dns_stats_t *stats, dns_rdatastatstype_t rrsettype); +/*%< + * Increment the statistics counter for 'rrsettype'. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_rdatasetstats_create(). + */ + +void +dns_rdatasetstats_decrement(dns_stats_t *stats, dns_rdatastatstype_t rrsettype); +/*%< + * Decrement the statistics counter for 'rrsettype'. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_rdatasetstats_create(). + */ + +void +dns_opcodestats_increment(dns_stats_t *stats, dns_opcode_t code); +/*%< + * Increment the statistics counter for 'code'. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_opcodestats_create(). + */ + +void +dns_generalstats_dump(dns_stats_t *stats, dns_generalstats_dumper_t dump_fn, + void *arg, unsigned int options); +/*%< + * Dump the current statistics counters in a specified way. For each counter + * in stats, dump_fn is called with its current value and the given argument + * arg. 
By default counters that have a value of 0 is skipped; if options has + * the ISC_STATSDUMP_VERBOSE flag, even such counters are dumped. + * + * This function is obsolete. A more general function, isc_stats_dump(), + * should be used. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_generalstats_create(). + */ + +void +dns_rdatatypestats_dump(dns_stats_t *stats, dns_rdatatypestats_dumper_t dump_fn, + void *arg, unsigned int options); +/*%< + * Dump the current statistics counters in a specified way. For each counter + * in stats, dump_fn is called with the corresponding type in the form of + * dns_rdatastatstype_t, the current counter value and the given argument + * arg. By default counters that have a value of 0 is skipped; if options has + * the ISC_STATSDUMP_VERBOSE flag, even such counters are dumped. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_generalstats_create(). + */ + +void +dns_rdatasetstats_dump(dns_stats_t *stats, dns_rdatatypestats_dumper_t dump_fn, + void *arg, unsigned int options); +/*%< + * Dump the current statistics counters in a specified way. For each counter + * in stats, dump_fn is called with the corresponding type in the form of + * dns_rdatastatstype_t, the current counter value and the given argument + * arg. By default counters that have a value of 0 is skipped; if options has + * the ISC_STATSDUMP_VERBOSE flag, even such counters are dumped. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_generalstats_create(). + */ + +void +dns_opcodestats_dump(dns_stats_t *stats, dns_opcodestats_dumper_t dump_fn, + void *arg, unsigned int options); +/*%< + * Dump the current statistics counters in a specified way. For each counter + * in stats, dump_fn is called with the corresponding opcode, the current + * counter value and the given argument arg. 
By default counters that have a + * value of 0 is skipped; if options has the ISC_STATSDUMP_VERBOSE flag, even + * such counters are dumped. + * + * Requires: + *\li 'stats' is a valid dns_stats_t created by dns_generalstats_create(). + */ + isc_result_t dns_stats_alloccounters(isc_mem_t *mctx, isc_uint64_t **ctrp); /*%< * Allocate an array of query statistics counters from the memory * context 'mctx'. + * + * This function is obsoleted. Use dns_xxxstats_create() instead. */ void @@ -54,6 +355,8 @@ dns_stats_freecounters(isc_mem_t *mctx, isc_uint64_t **ctrp); /*%< * Free an array of query statistics counters allocated from the memory * context 'mctx'. + * + * This function is obsoleted. Use dns_stats_destroy() instead. */ ISC_LANG_ENDDECLS diff --git a/contrib/bind9/lib/dns/include/dns/tcpmsg.h b/contrib/bind9/lib/dns/include/dns/tcpmsg.h index 075f463..fe83c53 100644 --- a/contrib/bind9/lib/dns/include/dns/tcpmsg.h +++ b/contrib/bind9/lib/dns/include/dns/tcpmsg.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tcpmsg.h,v 1.16.18.2 2005/04/29 00:16:22 marka Exp $ */ +/* $Id: tcpmsg.h,v 1.22 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_TCPMSG_H #define DNS_TCPMSG_H 1 -/*! \file */ +/*! \file dns/tcpmsg.h */ #include <isc/buffer.h> #include <isc/lang.h> diff --git a/contrib/bind9/lib/dns/include/dns/time.h b/contrib/bind9/lib/dns/include/dns/time.h index 9e8f5cc..5b47d11 100644 --- a/contrib/bind9/lib/dns/include/dns/time.h 
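Review bot: The Requires lines for dns_rdatatypestats_dump(), dns_rdatasetstats_dump() and dns_opcodestats_dump() all say the set was "created by dns_generalstats_create()", which looks copied from dns_generalstats_dump() and contradicts the matching increment functions, which name dns_rdatatypestats_create(), dns_rdatasetstats_create() and dns_opcodestats_create(). These lines are the only statement of which kind of set each function accepts, so they should read, for the opcode variant, `*\li 'stats' is a valid dns_stats_t created by dns_opcodestats_create().`, and likewise for the other two. Separately, DNS_RDATASTATSTYPE_VALUE(b, a) ORs 'b' in unmasked while DNS_RDATASTATSTYPE_BASE masks with 0xFFFF; `(((a) << 16) | ((b) & 0xFFFF))` would keep an over-wide 'b' out of the attribute bits.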
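Review bot: The sentence added to the dns_stats_freecounters() comment points to dns_stats_destroy(), but the header as patched here declares dns_stats_attach() and dns_stats_detach() and no dns_stats_destroy(). If detach is the intended replacement, the comment should say `This function is obsoleted. Use dns_stats_detach() instead.`. The dns_stats_alloccounters() comment has the same weakness with "dns_xxxstats_create()", which could name the four create functions declared above it.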
+++ b/contrib/bind9/lib/dns/include/dns/time.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: time.h,v 1.11.18.2 2005/04/29 00:16:23 marka Exp $ */ +/* $Id: time.h,v 1.17 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_TIME_H #define DNS_TIME_H 1 -/*! \file */ +/*! \file dns/time.h */ /*** *** Imports diff --git a/contrib/bind9/lib/dns/include/dns/timer.h b/contrib/bind9/lib/dns/include/dns/timer.h index cd936a0..48d6d56 100644 --- a/contrib/bind9/lib/dns/include/dns/timer.h +++ b/contrib/bind9/lib/dns/include/dns/timer.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: timer.h,v 1.3.18.2 2005/04/29 00:16:23 marka Exp $ */ +/* $Id: timer.h,v 1.9 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_TIMER_H #define DNS_TIMER_H 1 -/*! \file */ +/*! \file dns/timer.h */ /*** *** Imports diff --git a/contrib/bind9/lib/dns/include/dns/tkey.h b/contrib/bind9/lib/dns/include/dns/tkey.h index 4e3e80a..3511f2f 100644 
--- a/contrib/bind9/lib/dns/include/dns/tkey.h +++ b/contrib/bind9/lib/dns/include/dns/tkey.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,18 +15,19 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tkey.h,v 1.19.18.2 2005/04/29 00:16:23 marka Exp $ */ +/* $Id: tkey.h,v 1.26.332.2 2009/01/18 23:47:41 tbox Exp $ */ #ifndef DNS_TKEY_H #define DNS_TKEY_H 1 -/*! \file */ +/*! \file dns/tkey.h */ #include <isc/lang.h> #include <dns/types.h> #include <dst/dst.h> +#include <dst/gssapi.h> ISC_LANG_BEGINDECLS @@ -40,13 +41,14 @@ ISC_LANG_BEGINDECLS struct dns_tkeyctx { dst_key_t *dhkey; dns_name_t *domain; - void *gsscred; + gss_cred_id_t gsscred; isc_mem_t *mctx; isc_entropy_t *ectx; }; isc_result_t -dns_tkeyctx_create(isc_mem_t *mctx, isc_entropy_t *ectx, dns_tkeyctx_t **tctxp); +dns_tkeyctx_create(isc_mem_t *mctx, isc_entropy_t *ectx, + dns_tkeyctx_t **tctxp); /*%< * Create an empty TKEY context. * 
@@ -119,13 +121,29 @@ dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, dns_name_t *name, */ isc_result_t -dns_tkey_buildgssquery(dns_message_t *msg, dns_name_t *name, - dns_name_t *gname, void *cred, - isc_uint32_t lifetime, void **context); +dns_tkey_buildgssquery(dns_message_t *msg, dns_name_t *name, dns_name_t *gname, + isc_buffer_t *intoken, isc_uint32_t lifetime, + gss_ctx_id_t *context, isc_boolean_t win2k); /*%< - * XXX + * Builds a query containing a TKEY that will generate a GSSAPI context. + * The key is requested to have the specified lifetime (in seconds). + * + * Requires: + *\li 'msg' is a valid message + *\li 'name' is a valid name + *\li 'gname' is a valid name + *\li 'context' is a pointer to a valid gss_ctx_id_t + * (which may have the value GSS_C_NO_CONTEXT) + *\li 'win2k' when true says to turn on some hacks to work + * with the non-standard GSS-TSIG of Windows 2000 + * + * Returns: + *\li ISC_R_SUCCESS msg was successfully updated to include the + * query to be sent + *\li other an error occurred while building the message */ + isc_result_t dns_tkey_builddeletequery(dns_message_t *msg, dns_tsigkey_t *key); /*%< @@ -144,7 +162,7 @@ dns_tkey_builddeletequery(dns_message_t *msg, dns_tsigkey_t *key); isc_result_t dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, - dst_key_t *key, isc_buffer_t *nonce, + dst_key_t *key, isc_buffer_t *nonce, dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring); /*%< * Processes a response to a query containing a TKEY that was @@ -167,8 +185,9 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, isc_result_t dns_tkey_processgssresponse(dns_message_t *qmsg, dns_message_t *rmsg, - dns_name_t *gname, void *cred, void **context, - dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring); + dns_name_t *gname, gss_ctx_id_t *context, + isc_buffer_t *outtoken, dns_tsigkey_t **outkey, + dns_tsig_keyring_t *ring); /*%< * XXX */ 
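Review bot: The new dns_tkey_buildgssquery() comment lists requirements for 'msg', 'name', 'gname', 'context' and 'win2k' but says nothing about the added 'intoken' buffer, in particular whether it may be NULL on the first call and who owns it. dns_tkey_processgssresponse(), in the last hunk on this line, also gains an 'outtoken' parameter while its comment is still `XXX`. For a security-context negotiation API the token and context ownership rules belong in the header; I would add a line such as `*\li 'intoken' is NULL or a valid buffer holding the token from the server` (to be confirmed against the implementation) and replace the XXX with a Requires/Returns block of the same shape. 'win2k' is described only as "some hacks"; stating what behaviour it changes would let callers judge when enabling it is acceptable.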
@@ -193,6 +212,39 @@ dns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg, */ +isc_result_t +dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg, + dns_name_t *server, gss_ctx_id_t *context, + dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring, + isc_boolean_t win2k); + +/* + * Client side negotiation of GSS-TSIG. Process the response + * to a TKEY, and establish a TSIG key if negotiation was successful. + * Build a response to the input TKEY message. Can take multiple + * calls to successfully establish the context. + * + * Requires: + * 'qmsg' is a valid message, the original TKEY request; + * it will be filled with the new message to send + * 'rmsg' is a valid message, the incoming TKEY message + * 'server' is the server name + * 'context' is the input context handle + * 'outkey' receives the established key, if non-NULL; + * if non-NULL must point to NULL + * 'ring' is the keyring in which to establish the key, + * or NULL + * 'win2k' when true says to turn on some hacks to work + * with the non-standard GSS-TSIG of Windows 2000 + * + * Returns: + * ISC_R_SUCCESS context was successfully established + * ISC_R_NOTFOUND couldn't find a needed part of the query + * or response + * DNS_R_CONTINUE additional context negotiation is required; + * send the new qmsg to the server + */ + ISC_LANG_ENDDECLS #endif /* DNS_TKEY_H */ diff --git a/contrib/bind9/lib/dns/include/dns/tsig.h b/contrib/bind9/lib/dns/include/dns/tsig.h index b3fd6cc..e8c0e2c 100644 --- a/contrib/bind9/lib/dns/include/dns/tsig.h +++ b/contrib/bind9/lib/dns/include/dns/tsig.h 
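Review bot: The comment for dns_tkey_gssnegotiate() opens with a plain `/*` and unmarked item lines, whereas the other declarations in this header use `/*%<` and `*\li`, so the documentation tool will presumably not attach it to the function. The Returns list names only ISC_R_SUCCESS, ISC_R_NOTFOUND and DNS_R_CONTINUE; if GSSAPI or TSIG failures can surface other codes, add a catch-all in the style of dns_tkey_buildgssquery(), e.g. `*\li other an error occurred during negotiation`. It would also help to state that '*outkey' must not be used until ISC_R_SUCCESS is returned, if that is the contract, since DNS_R_CONTINUE means the context is not yet established.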
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tsig.h,v 1.43.18.4 2006/01/27 23:57:44 marka Exp $ */ +/* $Id: tsig.h,v 1.51 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_TSIG_H #define DNS_TSIG_H 1 -/*! \file */ +/*! \file dns/tsig.h */ #include <isc/lang.h> #include <isc/refcount.h> @@ -59,6 +59,7 @@ LIBDNS_EXTERNAL_DATA extern dns_name_t *dns_tsig_hmacsha512_name; struct dns_tsig_keyring { dns_rbt_t *keys; + unsigned int writecount; isc_rwlock_t lock; isc_mem_t *mctx; }; @@ -79,7 +80,9 @@ struct dns_tsigkey { }; #define dns_tsigkey_identity(tsigkey) \ - ((tsigkey)->generated ? ((tsigkey)->creator) : (&((tsigkey)->name))) + ((tsigkey) == NULL ? NULL : \ + (tsigkey)->generated ? ((tsigkey)->creator) : \ + (&((tsigkey)->name))) ISC_LANG_BEGINDECLS diff --git a/contrib/bind9/lib/dns/include/dns/ttl.h b/contrib/bind9/lib/dns/include/dns/ttl.h index ad01578..c252518 100644 --- a/contrib/bind9/lib/dns/include/dns/ttl.h +++ b/contrib/bind9/lib/dns/include/dns/ttl.h 
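Review bot: dns_tsigkey_identity() can now evaluate to NULL and names its argument three times, and neither property is documented at the macro. Every caller that passes the result on has to tolerate NULL; dns_ssutable_checkrules() in ssu.h documents 'signer' as NULL or a valid name, but callers outside this diff cannot be checked from here. I would add above the `#define`: `/*% Yields NULL when 'tsigkey' is NULL; 'tsigkey' is evaluated more than once and must have no side effects. */`. The new `writecount` member of struct dns_tsig_keyring likewise has no comment saying what it counts or whether it is protected by `lock`.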
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ttl.h,v 1.13.18.2 2005/04/29 00:16:24 marka Exp $ */ +/* $Id: ttl.h,v 1.19 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_TTL_H #define DNS_TTL_H 1 -/*! \file */ +/*! \file dns/ttl.h */ /*** *** Imports diff --git a/contrib/bind9/lib/dns/include/dns/types.h b/contrib/bind9/lib/dns/include/dns/types.h index 8dcbe57..e07a796 100644 --- a/contrib/bind9/lib/dns/include/dns/types.h +++ b/contrib/bind9/lib/dns/include/dns/types.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: types.h,v 1.109.18.12 2006/05/02 12:55:31 shane Exp $ */ +/* $Id: types.h,v 1.130.50.3 2009/01/29 22:40:35 jinmei Exp $ */ #ifndef DNS_TYPES_H #define DNS_TYPES_H 1 -/*! \file +/*! \file dns/types.h * \brief * Including this file gives you type declarations suitable for use in * .h files, which lets us avoid circular type reference problems. 
@@ -68,6 +68,8 @@ typedef struct dns_fetch dns_fetch_t; typedef struct dns_fixedname dns_fixedname_t; typedef struct dns_forwarders dns_forwarders_t; typedef struct dns_fwdtable dns_fwdtable_t; +typedef struct dns_iptable dns_iptable_t; +typedef isc_uint32_t dns_iterations_t; typedef isc_uint16_t dns_keyflags_t; typedef struct dns_keynode dns_keynode_t; typedef struct dns_keytable dns_keytable_t; @@ -105,6 +107,8 @@ typedef isc_uint8_t dns_secproto_t; typedef struct dns_signature dns_signature_t; typedef struct dns_ssurule dns_ssurule_t; typedef struct dns_ssutable dns_ssutable_t; +typedef struct dns_stats dns_stats_t; +typedef isc_uint32_t dns_rdatastatstype_t; typedef struct dns_tkeyctx dns_tkeyctx_t; typedef isc_uint16_t dns_trust_t; typedef struct dns_tsig_keyring dns_tsig_keyring_t; @@ -118,6 +122,19 @@ typedef ISC_LIST(dns_zone_t) dns_zonelist_t; typedef struct dns_zonemgr dns_zonemgr_t; typedef struct dns_zt dns_zt_t; +/* + * If we are not using GSSAPI, define the types we use as opaque types here. + */ +#ifndef GSSAPI +typedef struct not_defined_gss_cred_id *gss_cred_id_t; +typedef struct not_defined_gss_ctx *gss_ctx_id_t; +#endif +typedef struct dst_gssapi_signverifyctx dst_gssapi_signverifyctx_t; + +typedef enum { + dns_hash_sha1 = 1 +} dns_hash_t; + typedef enum { dns_fwdpolicy_none = 0, dns_fwdpolicy_first = 1, @@ -249,11 +266,11 @@ enum { dns_trust_additional = 2, #define dns_trust_additional ((dns_trust_t)dns_trust_additional) - /* Received in a referral response. */ + /* Received in a referral response. */ dns_trust_glue = 3, #define dns_trust_glue ((dns_trust_t)dns_trust_glue) - /* Answser from a non-authoritative server */ + /* Answer from a non-authoritative server */ dns_trust_answer = 4, #define dns_trust_answer ((dns_trust_t)dns_trust_answer) 
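Review bot: In the `#ifndef GSSAPI` block the fallback typedefs reuse the real GSS-API names `gss_cred_id_t` and `gss_ctx_id_t`, so a translation unit that includes a system GSS-API header without `GSSAPI` defined would get conflicting definitions of both types. The block's comment says only when the opaque types are defined, not what a consumer of this header must do to avoid that. I would extend it with `/* GSSAPI must be defined before this header is included in any file that also includes the system GSS-API headers. */`. Whether `<dst/gssapi.h>`, which tkey.h now includes, already guarantees this is not visible in the diff.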
@@ -262,11 +279,11 @@ enum { dns_trust_authauthority = 5, #define dns_trust_authauthority ((dns_trust_t)dns_trust_authauthority) - /* Answser from an authoritative server */ + /* Answer from an authoritative server */ dns_trust_authanswer = 6, #define dns_trust_authanswer ((dns_trust_t)dns_trust_authanswer) - /* Successfully DNSSEC validated */ + /* Successfully DNSSEC validated */ dns_trust_secure = 7, #define dns_trust_secure ((dns_trust_t)dns_trust_secure) @@ -276,7 +293,7 @@ enum { }; /*% - * Name checking severites. + * Name checking severities. */ typedef enum { dns_severity_ignore, @@ -308,7 +325,7 @@ typedef void typedef void (*dns_updatecallback_t)(void *, isc_result_t, dns_message_t *); -typedef int +typedef int (*dns_rdatasetorderfunc_t)(const dns_rdata_t *, const void *); typedef isc_boolean_t diff --git a/contrib/bind9/lib/dns/include/dns/validator.h b/contrib/bind9/lib/dns/include/dns/validator.h index c94fc3a..2555214 100644 --- a/contrib/bind9/lib/dns/include/dns/validator.h +++ b/contrib/bind9/lib/dns/include/dns/validator.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.h,v 1.27.18.10 2007/09/26 04:39:45 each Exp $ */ +/* $Id: validator.h,v 1.41.48.3 2009/01/18 23:25:17 marka Exp $ */ #ifndef DNS_VALIDATOR_H #define DNS_VALIDATOR_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/validator.h * * \brief * DNS Validator 
@@ -74,7 +74,7 @@ * caller so that they may be freed. * * If the RESULT is ISC_R_SUCCESS and the answer is secure then - * proofs[] will contain the the names of the NSEC records that hold the + * proofs[] will contain the names of the NSEC records that hold the * various proofs. Note the same name may appear multiple times. */ typedef struct dns_validatorevent { @@ -99,12 +99,17 @@ typedef struct dns_validatorevent { /* * Proofs to be cached. */ - dns_name_t * proofs[3]; + dns_name_t * proofs[4]; + /* + * Optout proof seen. + */ + isc_boolean_t optout; } dns_validatorevent_t; #define DNS_VALIDATOR_NOQNAMEPROOF 0 #define DNS_VALIDATOR_NODATAPROOF 1 #define DNS_VALIDATOR_NOWILDCARDPROOF 2 +#define DNS_VALIDATOR_CLOSESTENCLOSER 3 /*% * A validator object represents a validation in progress. @@ -139,11 +144,14 @@ struct dns_validator { dns_rdataset_t * dsset; dns_rdataset_t * soaset; dns_rdataset_t * nsecset; + dns_rdataset_t * nsec3set; dns_name_t * soaname; dns_rdataset_t frdataset; dns_rdataset_t fsigrdataset; dns_fixedname_t fname; dns_fixedname_t wild; + dns_fixedname_t nearest; + dns_fixedname_t closest; ISC_LINK(dns_validator_t) link; dns_rdataset_t dlv; dns_fixedname_t dlvsep; @@ -202,7 +210,7 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, * options: * If DNS_VALIDATOR_DLV is set the caller knows there is not a * trusted key and the validator should immediately attempt to validate - * the answer by looking for a appopriate DLV RRset. + * the answer by looking for an appropriate DLV RRset. */ void diff --git a/contrib/bind9/lib/dns/include/dns/version.h b/contrib/bind9/lib/dns/include/dns/version.h index bb254534..2a33dcf 100644 --- a/contrib/bind9/lib/dns/include/dns/version.h +++ b/contrib/bind9/lib/dns/include/dns/version.h 
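Review bot: `proofs[4]` in dns_validatorevent and the index macros up to `DNS_VALIDATOR_CLOSESTENCLOSER 3` are kept in step by hand, so a later proof type added without bumping the literal would index one element past the array. A count macro next to the indices ties them together, e.g. `#define DNS_VALIDATOR_NPROOFS 4` used as `dns_name_t * proofs[DNS_VALIDATOR_NPROOFS];` (the name is only a suggestion). The new `optout` member is described only as "Optout proof seen."; a sentence on what a consumer of the event is expected to do with it would help. The struct begins above the hunk.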
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: version.h,v 1.3.18.2 2005/04/29 00:16:25 marka Exp $ */ +/* $Id: version.h,v 1.9 2007/06/19 23:47:17 tbox Exp $ */ -/*! \file */ +/*! \file dns/version.h */ #include <isc/platform.h> diff --git a/contrib/bind9/lib/dns/include/dns/view.h b/contrib/bind9/lib/dns/include/dns/view.h index ea3d4c7..5b53c16 100644 --- a/contrib/bind9/lib/dns/include/dns/view.h +++ b/contrib/bind9/lib/dns/include/dns/view.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: view.h,v 1.91.18.9 2006/03/09 23:38:21 marka Exp $ */ +/* $Id: view.h,v 1.111.88.4 2009/01/29 22:40:35 jinmei Exp $ */ #ifndef DNS_VIEW_H #define DNS_VIEW_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/view.h * \brief * DNS View * 
@@ -100,6 +100,9 @@ struct dns_view { isc_event_t resevent; isc_event_t adbevent; isc_event_t reqevent; + isc_stats_t * resstats; + dns_stats_t * resquerystats; + /* Configurable data. */ dns_tsig_keyring_t * statickeys; dns_tsig_keyring_t * dynamickeys; @@ -116,10 +119,17 @@ struct dns_view { isc_boolean_t acceptexpired; dns_transfer_format_t transfer_format; dns_acl_t * queryacl; + dns_acl_t * queryonacl; dns_acl_t * recursionacl; + dns_acl_t * recursiononacl; dns_acl_t * sortlist; + dns_acl_t * notifyacl; + dns_acl_t * transferacl; + dns_acl_t * updateacl; + dns_acl_t * upfwdacl; isc_boolean_t requestixfr; isc_boolean_t provideixfr; + isc_boolean_t requestnsid; dns_ttl_t maxcachettl; dns_ttl_t maxncachettl; in_port_t dstport; @@ -224,7 +234,7 @@ void dns_view_flushanddetach(dns_view_t **viewp); /*%< * Detach '*viewp' from its view. If this was the last reference - * uncommited changed in zones will be flushed to disk. + * uncommitted changed in zones will be flushed to disk. * * Requires: * @@ -363,7 +373,7 @@ dns_view_setdstport(dns_view_t *view, in_port_t dstport); *\li 'dstport' is a valid TCP/UDP port number. * * Ensures: - *\li External name servers will be assumed to be listning + *\li External name servers will be assumed to be listening * on 'dstport'. For servers whose address has already * obtained obtained at the time of the call, the view may * continue to use the previously set port until the address 
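Review bot: The ACL pointers added to struct dns_view in the `@@ -116,10 +119,17 @@` hunk (`queryonacl`, `recursiononacl`, `notifyacl`, `transferacl`, `updateacl`, `upfwdacl`) have no comment saying what a NULL pointer means for access decisions. For access-control fields the allow-or-deny meaning of "not configured" is the part a maintainer most needs, and it cannot be read off this header. I would add one comment above the group that states the NULL semantics and names the function that applies the default, with the wording taken from the implementation, which is not visible here. The struct begins and ends outside the hunk.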
@@ -591,6 +601,19 @@ dns_viewlist_find(dns_viewlist_t *list, const char *name, */ isc_result_t +dns_viewlist_findzone(dns_viewlist_t *list, dns_name_t *name, isc_boolean_t allclasses, + dns_rdataclass_t rdclass, dns_zone_t **zonep); + +/*%< + * Search zone with 'name' in view with 'rdclass' in viewlist 'list' + * If found, zone is returned in *zonep. If allclasses is set rdclass is ignored + * + * Returns: + *\li #ISC_R_SUCCESS A matching zone was found. + *\li #ISC_R_NOTFOUND No matching zone was found. + */ + +isc_result_t dns_view_findzone(dns_view_t *view, dns_name_t *name, dns_zone_t **zonep); /*%< * Search for the zone 'name' in the zone table of 'view'. @@ -615,7 +638,7 @@ dns_view_loadnew(dns_view_t *view, isc_boolean_t stop); /*%< * Load zones attached to this view. dns_view_load() loads * all zones whose master file has changed since the last - * load; dns_view_loadnew() loads only zones that have never + * load; dns_view_loadnew() loads only zones that have never * been loaded. * * If 'stop' is ISC_TRUE, stop on the first error and return it. @@ -633,7 +656,7 @@ dns_view_gettsig(dns_view_t *view, dns_name_t *keyname, * Find the TSIG key configured in 'view' with name 'keyname', * if any. * - * Reqires: + * Requires: *\li keyp points to a NULL dns_tsigkey_t *. * * Returns: @@ -649,7 +672,7 @@ dns_view_getpeertsig(dns_view_t *view, isc_netaddr_t *peeraddr, * Find the TSIG key configured in 'view' for the server whose * address is 'peeraddr', if any. * - * Reqires: + * Requires: * keyp points to a NULL dns_tsigkey_t *. * * Returns: @@ -691,7 +714,7 @@ dns_view_dumpdbtostream(dns_view_t *view, FILE *fp); * easily obtainable by other means. * * Requires: - * + * *\li 'view' is valid. * *\li 'fp' refers to a file open for writing. @@ -734,7 +757,7 @@ isc_result_t dns_view_adddelegationonly(dns_view_t *view, dns_name_t *name); /*%< * Add the given name to the delegation only table. - * + * * * Requires: *\li 'view' is valid. 
@@ -749,7 +772,7 @@ isc_result_t dns_view_excludedelegationonly(dns_view_t *view, dns_name_t *name); /*%< * Add the given name to be excluded from the root-delegation-only. - * + * * * Requires: *\li 'view' is valid. @@ -771,8 +794,8 @@ dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name); *\li 'name' is valid. * * Returns: - *\li #ISC_TRUE if the name is is the table. - *\li #ISC_FALSE othewise. + *\li #ISC_TRUE if the name is the table. + *\li #ISC_FALSE otherwise. */ void 
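Review bot: The corrected return line in the `@@ -771,8 +794,8 @@` hunk now reads `#ISC_TRUE if the name is the table.`, which removes the duplicated "is" but also loses "in". It should read `#ISC_TRUE if the name is in the table.` The comment block for dns_view_isdelegationonly() starts above the hunk.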
@@ -801,4 +824,56 @@ dns_view_freezezones(dns_view_t *view, isc_boolean_t freeze); * Requires: * \li 'view' is valid. */ + +void +dns_view_setresstats(dns_view_t *view, isc_stats_t *stats); +/*%< + * Set a general resolver statistics counter set 'stats' for 'view'. + * + * Requires: + * \li 'view' is valid and is not frozen. + * + *\li stats is a valid statistics supporting resolver statistics counters + * (see dns/stats.h). + */ + +void +dns_view_getresstats(dns_view_t *view, isc_stats_t **statsp); +/*%< + * Get the general statistics counter set for 'view'. If a statistics set is + * set '*statsp' will be attached to the set; otherwise, '*statsp' will be + * untouched. + * + * Requires: + * \li 'view' is valid and is not frozen. + * + *\li 'statsp' != NULL && '*statsp' != NULL + */ + +void +dns_view_setresquerystats(dns_view_t *view, dns_stats_t *stats); +/*%< + * Set a statistics counter set of rdata type, 'stats', for 'view'. Once the + * statistic set is installed, view's resolver will count outgoing queries + * per rdata type. + * + * Requires: + * \li 'view' is valid and is not frozen. + * + *\li stats is a valid statistics created by dns_rdatatypestats_create(). + */ + +void +dns_view_getresquerystats(dns_view_t *view, dns_stats_t **statsp); +/*%< + * Get the rdatatype statistics counter set for 'view'. If a statistics set is + * set '*statsp' will be attached to the set; otherwise, '*statsp' will be + * untouched. + * + * Requires: + * \li 'view' is valid and is not frozen. + * + *\li 'statsp' != NULL && '*statsp' != NULL + */ + #endif /* DNS_VIEW_H */ diff --git a/contrib/bind9/lib/dns/include/dns/xfrin.h b/contrib/bind9/lib/dns/include/dns/xfrin.h index fcd482e..04866ee 100644 --- a/contrib/bind9/lib/dns/include/dns/xfrin.h +++ b/contrib/bind9/lib/dns/include/dns/xfrin.h 
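Review bot: The `Requires:` text for dns_view_getresstats() and dns_view_getresquerystats() says `'statsp' != NULL && '*statsp' != NULL`, which contradicts the description that '*statsp' will be attached to the set; an attach-style out-parameter is normally required to be NULL on entry so an existing reference is not overwritten. Unless the implementation (not shown here) really demands a non-NULL target, both comments should read `'statsp' != NULL && '*statsp' == NULL`. Both getters also repeat "is not frozen" from the setters, which looks like a copy-paste and is worth checking against the code.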
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrin.h,v 1.20.18.5 2006/07/20 01:10:30 marka Exp $ */ +/* $Id: xfrin.h,v 1.28.332.2 2009/01/18 23:47:41 tbox Exp $ */ #ifndef DNS_XFRIN_H #define DNS_XFRIN_H 1 @@ -24,7 +24,7 @@ ***** Module Info *****/ -/*! \file +/*! \file dns/xfrin.h * \brief * Incoming zone transfers (AXFR + IXFR). */ @@ -90,7 +90,7 @@ dns_xfrin_shutdown(dns_xfrin_ctx_t *xfr); /*%< * If the zone transfer 'xfr' has already finished, * do nothing. Otherwise, abort it and cause it to call - * its done callback with a status of ISC_R_CANCELLED. + * its done callback with a status of ISC_R_CANCELED. */ void diff --git a/contrib/bind9/lib/dns/include/dns/zone.h b/contrib/bind9/lib/dns/include/dns/zone.h index 7cb8272..e2859ae 100644 --- a/contrib/bind9/lib/dns/include/dns/zone.h +++ b/contrib/bind9/lib/dns/include/dns/zone.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * 
@@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.h,v 1.126.18.19 2006/08/01 03:45:21 marka Exp $ */ +/* $Id: zone.h,v 1.160.50.4 2009/01/29 22:40:35 jinmei Exp $ */ #ifndef DNS_ZONE_H #define DNS_ZONE_H 1 -/*! \file */ +/*! \file dns/zone.h */ /*** *** Imports @@ -33,6 +33,7 @@ #include <isc/rwlock.h> #include <dns/masterdump.h> +#include <dns/rdatastruct.h> #include <dns/types.h> typedef enum { @@ -66,6 +67,9 @@ typedef enum { #define DNS_ZONEOPT_WARNSRVCNAME 0x00200000U /*%< warn on SRV CNAME check */ #define DNS_ZONEOPT_IGNORESRVCNAME 0x00400000U /*%< ignore SRV CNAME check */ #define DNS_ZONEOPT_UPDATECHECKKSK 0x00800000U /*%< check dnskey KSK flag */ +#define DNS_ZONEOPT_TRYTCPREFRESH 0x01000000U /*%< try tcp refresh on udp failure */ +#define DNS_ZONEOPT_NOTIFYTOSOA 0x02000000U /*%< Notify the SOA MNAME */ +#define DNS_ZONEOPT_NSEC3TESTZONE 0x04000000U /*%< nsec3-test-zone */ #ifndef NOMINUM_PUBLIC /* @@ -145,6 +149,15 @@ dns_zone_getclass(dns_zone_t *zone); *\li 'zone' to be a valid zone. */ +isc_uint32_t +dns_zone_getserial(dns_zone_t *zone); +/*%< + * Returns the current serial number of the zone. + * + * Requires: + *\li 'zone' to be a valid zone. + */ + void dns_zone_settype(dns_zone_t *zone, dns_zonetype_t type); /*%< @@ -406,7 +419,7 @@ dns_zone_refresh(dns_zone_t *zone); isc_result_t dns_zone_flush(dns_zone_t *zone); /*%< - * Write the zone to database if there are uncommited changes. + * Write the zone to database if there are uncommitted changes. * * Require: *\li 'zone' to be a valid zone. @@ -458,7 +471,7 @@ dns_zone_fulldumptostream(dns_zone_t *zone, FILE *fd); void dns_zone_maintenance(dns_zone_t *zone); /*%< - * Perform regular maintenace on the zone. This is called as a + * Perform regular maintenance on the zone. This is called as a * result of a zone being managed. * * Require 
@@ -503,7 +516,7 @@ dns_zone_setalsonotify(dns_zone_t *zone, const isc_sockaddr_t *notify, * Require: *\li 'zone' to be a valid zone. *\li 'notify' to be non-NULL if count != 0. - *\li 'count' to be the number of notifyees. + *\li 'count' to be the number of notifiees. * * Returns: *\li #ISC_R_SUCCESS @@ -701,6 +714,16 @@ dns_zone_setqueryacl(dns_zone_t *zone, dns_acl_t *acl); */ void +dns_zone_setqueryonacl(dns_zone_t *zone, dns_acl_t *acl); +/*%< + * Sets the query-on acl list for the zone. + * + * Require: + *\li 'zone' to be a valid zone. + *\li 'acl' to be a valid acl. + */ + +void dns_zone_setupdateacl(dns_zone_t *zone, dns_acl_t *acl); /*%< * Sets the update acl list for the zone. @@ -757,6 +780,19 @@ dns_zone_getqueryacl(dns_zone_t *zone); */ dns_acl_t * +dns_zone_getqueryonacl(dns_zone_t *zone); +/*%< + * Returns the current query-on acl or NULL. + * + * Require: + *\li 'zone' to be a valid zone. + * + * Returns: + *\li acl a pointer to the acl. + *\li NULL + */ + +dns_acl_t * dns_zone_getupdateacl(dns_zone_t *zone); /*%< * Returns the current update acl or NULL. @@ -832,6 +868,15 @@ dns_zone_clearqueryacl(dns_zone_t *zone); */ void +dns_zone_clearqueryonacl(dns_zone_t *zone); +/*%< + * Clear the current query-on acl. + * + * Require: + *\li 'zone' to be a valid zone. + */ + +void dns_zone_clearxfracl(dns_zone_t *zone); /*%< * Clear the current transfer acl. @@ -844,12 +889,16 @@ isc_boolean_t dns_zone_getupdatedisabled(dns_zone_t *zone); /*%< * Return update disabled. + * Transient unless called when running in isc_task_exclusive() mode. */ void dns_zone_setupdatedisabled(dns_zone_t *zone, isc_boolean_t state); /*%< * Set update disabled. + * Should only be called only when running in isc_task_exclusive() mode. + * Failure to do so may result in updates being committed after the + * call has been made. */ isc_boolean_t 
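Review bot: The new text on dns_zone_setupdatedisabled() in the `@@ -844,12 +889,16 @@` hunk states a concurrency precondition in free prose ("Should only be called only when running in isc_task_exclusive() mode") rather than in a `Requires:` list like the rest of this header, and the doubled "only" makes it harder to read. Since the stated consequence is that updates may still be committed after the call, I would phrase it as a requirement, `Requires: the caller is running in isc_task_exclusive() mode.`, and keep the consequence sentence below it. Whether the implementation can assert this is not visible from the header.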
@@ -905,13 +954,13 @@ isc_result_t dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from, dns_message_t *msg); /*%< - * Tell the zone that it has recieved a NOTIFY message from another - * server. This may cause some zone maintainence activity to occur. + * Tell the zone that it has received a NOTIFY message from another + * server. This may cause some zone maintenance activity to occur. * * Requires: *\li 'zone' to be a valid zone. *\li '*from' to contain the address of the server from which 'msg' - * was recieved. + * was received. *\li 'msg' a message with opcode NOTIFY and qr clear. * * Returns: @@ -1036,7 +1085,7 @@ dns_zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump); * If "dump" is ISC_TRUE, then the new zone contents are dumped * into to the zone's master file for persistence. When replacing * a zone database by one just loaded from a master file, set - * "dump" to ISC_FALSE to avoid a redunant redump of the data just + * "dump" to ISC_FALSE to avoid a redundant redump of the data just * loaded. Otherwise, it should be set to ISC_TRUE. * * If the "diff-on-reload" option is enabled in the configuration file, @@ -1048,7 +1097,7 @@ dns_zone_replacedb(dns_zone_t *zone, dns_db_t *db, isc_boolean_t dump); * * Returns: * \li DNS_R_SUCCESS - * \li DNS_R_BADZONE zone failed basic consistancy checks: + * \li DNS_R_BADZONE zone failed basic consistency checks: * * a single SOA must exist * * some NS records must exist. * Others @@ -1134,7 +1183,7 @@ dns_zone_getmgr(dns_zone_t *zone); void dns_zone_setsigvalidityinterval(dns_zone_t *zone, isc_uint32_t interval); /*%< - * Set the zone's SIG validity interval. This is the length of time + * Set the zone's RRSIG validity interval. This is the length of time * for which DNSSEC signatures created as a result of dynamic updates * to secure zones will remain valid, in seconds. * 
@@ -1145,7 +1194,26 @@ dns_zone_setsigvalidityinterval(dns_zone_t *zone, isc_uint32_t interval); isc_uint32_t dns_zone_getsigvalidityinterval(dns_zone_t *zone); /*%< - * Get the zone's SIG validity interval. + * Get the zone's RRSIG validity interval. + * + * Requires: + * \li 'zone' to be a valid zone. + */ + +void +dns_zone_setsigresigninginterval(dns_zone_t *zone, isc_uint32_t interval); +/*%< + * Set the zone's RRSIG re-signing interval. A dynamic zone's RRSIG's + * will be re-signed 'interval' amount of time before they expire. + * + * Requires: + * \li 'zone' to be a valid zone. + */ + +isc_uint32_t +dns_zone_getsigresigninginterval(dns_zone_t *zone); +/*%< + * Get the zone's RRSIG re-signing interval. * * Requires: * \li 'zone' to be a valid zone. @@ -1159,10 +1227,10 @@ dns_zone_setnotifytype(dns_zone_t *zone, dns_notifytype_t notifytype); isc_result_t dns_zone_forwardupdate(dns_zone_t *zone, dns_message_t *msg, - dns_updatecallback_t callback, void *callback_arg); + dns_updatecallback_t callback, void *callback_arg); /*%< * Forward 'msg' to each master in turn until we get an answer or we - * have exausted the list of masters. 'callback' will be called with + * have exhausted the list of masters. 'callback' will be called with * ISC_R_SUCCESS if we get an answer and the returned message will be * passed as 'answer_message', otherwise a non ISC_R_SUCCESS result code * will be passed and answer_message will be NULL. The callback function @@ -1195,6 +1263,8 @@ dns_zone_next(dns_zone_t *zone, dns_zone_t **next); * (result ISC_R_NOMORE). */ + + isc_result_t dns_zone_first(dns_zonemgr_t *zmgr, dns_zone_t **first); /*%< @@ -1267,7 +1337,7 @@ isc_result_t dns_zonemgr_forcemaint(dns_zonemgr_t *zmgr); /*%< * Force zone maintenance of all zones managed by 'zmgr' at its - * earliest conveniene. + * earliest convenience. */ void 
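Review bot: dns_zone_setsigresigninginterval() documents 'interval' only as an "amount of time" with no unit, while the neighbouring dns_zone_setsigvalidityinterval() comment says "in seconds". A caller that assumes the wrong unit would schedule re-signing far too early or far too late, and late re-signing lets RRSIGs expire. Please state the unit in both the setter and getter comments, e.g. `'interval' is in seconds.` if that is what the implementation uses.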
@@ -1336,7 +1406,7 @@ dns_zonemgr_settransfersin(dns_zonemgr_t *zmgr, isc_uint32_t value); isc_uint32_t dns_zonemgr_getttransfersin(dns_zonemgr_t *zmgr); /*%< - * Return the the maximum number of simultaneous transfers in allowed. + * Return the maximum number of simultaneous transfers in allowed. * * Requires: *\li 'zmgr' to be a valid zone manager. @@ -1363,7 +1433,7 @@ dns_zonemgr_getttransfersperns(dns_zonemgr_t *zmgr); void dns_zonemgr_setiolimit(dns_zonemgr_t *zmgr, isc_uint32_t iolimit); /*%< - * Set the number of simultaneous file descriptors available for + * Set the number of simultaneous file descriptors available for * reading and writing masterfiles. * * Requires: @@ -1374,7 +1444,7 @@ dns_zonemgr_setiolimit(dns_zonemgr_t *zmgr, isc_uint32_t iolimit); isc_uint32_t dns_zonemgr_getiolimit(dns_zonemgr_t *zmgr); /*%< - * Get the number of simultaneous file descriptors available for + * Get the number of simultaneous file descriptors available for * reading and writing masterfiles. * * Requires: @@ -1410,6 +1480,18 @@ dns_zonemgr_getcount(dns_zonemgr_t *zmgr, int state); */ void +dns_zonemgr_unreachableadd(dns_zonemgr_t *zmgr, isc_sockaddr_t *remote, + isc_sockaddr_t *local, isc_time_t *now); +/*%< + * Add the pair of addresses to the unreachable cache. + * + * Requires: + *\li 'zmgr' to be a valid zone manager. + *\li 'remote' to be a valid sockaddr. + *\li 'local' to be a valid sockaddr. + */ + +void dns_zone_forcereload(dns_zone_t *zone); /*%< * Force a reload of specified zone. 
@@ -1430,22 +1512,55 @@ dns_zone_isforced(dns_zone_t *zone); isc_result_t dns_zone_setstatistics(dns_zone_t *zone, isc_boolean_t on); /*%< - * Make the zone keep or not keep an array of statistics - * counter. - * - * Requires: - * \li zone be a valid zone. + * This function is obsoleted by dns_zone_setrequeststats(). */ isc_uint64_t * dns_zone_getstatscounters(dns_zone_t *zone); /*%< + * This function is obsoleted by dns_zone_getrequeststats(). + */ + +void +dns_zone_setstats(dns_zone_t *zone, isc_stats_t *stats); +/*%< + * Set a general zone-maintenance statistics set 'stats' for 'zone'. This + * function is expected to be called only on zone creation (when necessary). + * Once installed, it cannot be removed or replaced. Also, there is no + * interface to get the installed stats from the zone; the caller must keep the + * stats to reference (e.g. dump) it later. + * * Requires: - * zone be a valid zone. + * \li 'zone' to be a valid zone and does not have a statistics set already + * installed. + * + *\li stats is a valid statistics supporting zone statistics counters + * (see dns/stats.h). + */ + +void +dns_zone_setrequeststats(dns_zone_t *zone, isc_stats_t *stats); +/*%< + * Set an additional statistics set to zone. It is attached in the zone + * but is not counted in the zone module; only the caller updates the counters. + * + * Requires: + * \li 'zone' to be a valid zone. + * + *\li stats is a valid statistics. + */ + +isc_stats_t * +dns_zone_getrequeststats(dns_zone_t *zone); +/*%< + * Get the additional statistics for zone, if one is installed. + * + * Requires: + * \li 'zone' to be a valid zone. * * Returns: - * \li A pointer to the zone's array of statistics counters, - * or NULL if it has none. + * \li when available, a pointer to the statistics set installed in zone; + * otherwise NULL. */ void 
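Review bot: The rewritten comment on dns_zone_getstatscounters() removes the `Returns:` section, so the header no longer says whether the obsoleted function can return NULL. Existing callers still compile against this prototype and will dereference whatever comes back, so the comment should keep a line such as `Returns: NULL if no counters are available.`, worded to match what the implementation now does (not visible here). The same applies to dns_zone_setstatistics(), whose result code is now undocumented.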
@@ -1484,7 +1599,7 @@ void dns_zone_name(dns_zone_t *zone, char *buf, size_t len); /*%< * Return the name of the zone with class and view. - * + * * Requires: *\li 'zone' to be valid. *\li 'buf' to be non NULL. @@ -1492,7 +1607,7 @@ dns_zone_name(dns_zone_t *zone, char *buf, size_t len); isc_result_t dns_zone_checknames(dns_zone_t *zone, dns_name_t *name, dns_rdata_t *rdata); -/* +/*%< * Check if this record meets the check-names policy. * * Requires: @@ -1508,7 +1623,7 @@ dns_zone_checknames(dns_zone_t *zone, dns_name_t *name, dns_rdata_t *rdata); void dns_zone_setacache(dns_zone_t *zone, dns_acache_t *acache); -/* +/*%< * Associate the zone with an additional cache. * * Require: @@ -1521,7 +1636,7 @@ dns_zone_setacache(dns_zone_t *zone, dns_acache_t *acache); void dns_zone_setcheckmx(dns_zone_t *zone, dns_checkmxfunc_t checkmx); -/* +/*%< * Set the post load integrity callback function 'checkmx'. * 'checkmx' will be called if the MX is not within the zone. * @@ -1531,7 +1646,7 @@ dns_zone_setcheckmx(dns_zone_t *zone, dns_checkmxfunc_t checkmx); void dns_zone_setchecksrv(dns_zone_t *zone, dns_checkmxfunc_t checksrv); -/* +/*%< * Set the post load integrity callback function 'checksrv'. * 'checksrv' will be called if the SRV TARGET is not within the zone. * @@ -1541,7 +1656,7 @@ dns_zone_setchecksrv(dns_zone_t *zone, dns_checkmxfunc_t checksrv); void dns_zone_setcheckns(dns_zone_t *zone, dns_checknsfunc_t checkns); -/* +/*%< * Set the post load integrity callback function 'checkmx'. * 'checkmx' will be called if the MX is not within the zone. * @@ -1551,7 +1666,7 @@ dns_zone_setcheckns(dns_zone_t *zone, dns_checknsfunc_t checkns); void dns_zone_setnotifydelay(dns_zone_t *zone, isc_uint32_t delay); -/* +/*%< * Set the minimum delay between sets of notify messages. * * Requires: 
@@ -1560,7 +1675,7 @@ dns_zone_setnotifydelay(dns_zone_t *zone, isc_uint32_t delay); isc_uint32_t dns_zone_getnotifydelay(dns_zone_t *zone); -/* +/*%< * Get the minimum delay between sets of notify messages. * * Requires: @@ -1569,7 +1684,7 @@ dns_zone_getnotifydelay(dns_zone_t *zone); void dns_zone_setisself(dns_zone_t *zone, dns_isselffunc_t isself, void *arg); -/* +/*%< * Set the isself callback function and argument. * * isc_boolean_t @@ -1581,6 +1696,41 @@ dns_zone_setisself(dns_zone_t *zone, dns_isselffunc_t isself, void *arg); * delivered to 'myview'. */ +void +dns_zone_setnodes(dns_zone_t *zone, isc_uint32_t nodes); +/*%< + * Set the number of nodes that will be checked per quantum. + */ + +void +dns_zone_setsignatures(dns_zone_t *zone, isc_uint32_t signatures); +/*%< + * Set the number of signatures that will be generated per quantum. + */ + +isc_result_t +dns_zone_signwithkey(dns_zone_t *zone, dns_secalg_t algorithm, + isc_uint16_t keyid, isc_boolean_t delete); +/*%< + * Initiate/resume signing of the entire zone with the zone DNSKEY(s) + * that match the given algorithm and keyid. + */ + +isc_result_t +dns_zone_addnsec3chain(dns_zone_t *zone, dns_rdata_nsec3param_t *nsec3param); +/*%< + * Incrementally add a NSEC3 chain that corresponds to 'nsec3param'. + */ + +void +dns_zone_setprivatetype(dns_zone_t *zone, dns_rdatatype_t type); +dns_rdatatype_t +dns_zone_getprivatetype(dns_zone_t *zone); +/* + * Get/Set the private record type. It is expected that these interfaces + * will not be permanent. + */ + ISC_LANG_ENDDECLS #endif /* DNS_ZONE_H */ diff --git a/contrib/bind9/lib/dns/include/dns/zonekey.h b/contrib/bind9/lib/dns/include/dns/zonekey.h index ba4e076..d9ba862 100644 --- a/contrib/bind9/lib/dns/include/dns/zonekey.h +++ b/contrib/bind9/lib/dns/include/dns/zonekey.h 
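Review bot: dns_zone_signwithkey() in the `@@ -1581,6 +1696,41 @@` hunk names its last parameter `delete`, which is a reserved word in C++. The declarations sit inside the ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS wrapper (the closing macro is visible at the end of the hunk), which suggests the header is meant to be includable from C++, where this prototype would not compile. Renaming the parameter, e.g. `isc_uint16_t keyid, isc_boolean_t deleteit);`, avoids that without affecting C callers. The comments on the new functions also have no `Requires:` or `Returns:` sections, and the effect of that flag is not described at all.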
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zonekey.h,v 1.4.18.2 2005/04/29 00:16:26 marka Exp $ */ +/* $Id: zonekey.h,v 1.10 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_ZONEKEY_H #define DNS_ZONEKEY_H 1 -/*! \file */ +/*! \file dns/zonekey.h */ #include <isc/lang.h> diff --git a/contrib/bind9/lib/dns/include/dns/zt.h b/contrib/bind9/lib/dns/include/dns/zt.h index 436ef4c..6cfe3d3 100644 --- a/contrib/bind9/lib/dns/include/dns/zt.h +++ b/contrib/bind9/lib/dns/include/dns/zt.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zt.h,v 1.30.18.3 2005/04/27 05:01:42 sra Exp $ */ +/* $Id: zt.h,v 1.38 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DNS_ZT_H #define DNS_ZT_H 1 -/*! \file */ +/*! \file dns/zt.h */ #include <isc/lang.h> diff --git a/contrib/bind9/lib/dns/include/dst/Makefile.in b/contrib/bind9/lib/dns/include/dst/Makefile.in index deaa221..4ed4ec0 100644 --- a/contrib/bind9/lib/dns/include/dst/Makefile.in 
+++ b/contrib/bind9/lib/dns/include/dst/Makefile.in @@ -1,7 +1,7 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2001 Internet Software Consortium. # -# Permission to use, copy, modify, and distribute this software for any +# Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.1.6.1 2004/12/09 04:41:47 marka Exp $ +# $Id: Makefile.in,v 1.4 2007/12/11 20:28:55 marka Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -21,7 +21,7 @@ top_srcdir = @top_srcdir@ @BIND9_VERSION@ -HEADERS = dst.h lib.h result.h +HEADERS = dst.h gssapi.h lib.h result.h SUBDIRS = TARGETS = diff --git a/contrib/bind9/lib/dns/include/dst/dst.h b/contrib/bind9/lib/dns/include/dst/dst.h index 8d99186..702ad71 100644 --- a/contrib/bind9/lib/dns/include/dst/dst.h +++ b/contrib/bind9/lib/dns/include/dst/dst.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * 
@@ -15,17 +15,19 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dst.h,v 1.1.6.5 2006/01/27 23:57:44 marka Exp $ */ +/* $Id: dst.h,v 1.12 2008/09/24 02:46:23 marka Exp $ */ #ifndef DST_DST_H #define DST_DST_H 1 -/*! \file */ +/*! \file dst/dst.h */ #include <isc/lang.h> #include <dns/types.h> +#include <dst/gssapi.h> + ISC_LANG_BEGINDECLS /*** @@ -49,6 +51,8 @@ typedef struct dst_context dst_context_t; #define DST_ALG_DSA 3 #define DST_ALG_ECC 4 #define DST_ALG_RSASHA1 5 +#define DST_ALG_NSEC3DSA 6 +#define DST_ALG_NSEC3RSASHA1 7 #define DST_ALG_HMACMD5 157 #define DST_ALG_GSSAPI 160 #define DST_ALG_HMACSHA1 161 /* XXXMPA */ @@ -398,16 +402,28 @@ dst_key_privatefrombuffer(dst_key_t *key, isc_buffer_t *buffer); *\li If successful, key will contain a valid private key. */ +gss_ctx_id_t +dst_key_getgssctx(const dst_key_t *key); +/*%< + * Returns the opaque key data. + * Be cautions when using this value unless you know what you are doing. + * + * Requires: + *\li "key" is not NULL. + * + * Returns: + *\li gssctx key data, possibly NULL. + */ isc_result_t -dst_key_fromgssapi(dns_name_t *name, void *opaque, isc_mem_t *mctx, - dst_key_t **keyp); +dst_key_fromgssapi(dns_name_t *name, gss_ctx_id_t gssctx, isc_mem_t *mctx, + dst_key_t **keyp); /*%< * Converts a GSSAPI opaque context id into a DST key. * * Requires: *\li "name" is a valid absolute dns name. - *\li "opaque" is a GSSAPI context id. + *\li "gssctx" is a GSSAPI context id. *\li "mctx" is a valid memory context. *\li "keyp" is not NULL and "*keyp" is NULL. * 
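Review bot: dst_key_getgssctx() in the `@@ -398,16 +402,28 @@` hunk hands out the raw `gss_ctx_id_t` held by a key, but the comment does not say who owns the context or how long the handle stays valid. Without that, a caller may delete the context itself or keep using it after the key has been freed. I would add a line such as `The context remains owned by 'key'; the caller must not delete it or use it after the key is freed.` if that matches the implementation, and fix "Be cautions" to "Be cautious" while there.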
@@ -421,6 +437,12 @@ dst_key_fromgssapi(dns_name_t *name, void *opaque, isc_mem_t *mctx, */ isc_result_t +dst_key_fromlabel(dns_name_t *name, int alg, unsigned int flags, + unsigned int protocol, dns_rdataclass_t rdclass, + const char *engine, const char *label, const char *pin, + isc_mem_t *mctx, dst_key_t **keyp); + +isc_result_t dst_key_generate(dns_name_t *name, unsigned int alg, unsigned int bits, unsigned int param, unsigned int flags, unsigned int protocol, diff --git a/contrib/bind9/lib/dns/include/dst/gssapi.h b/contrib/bind9/lib/dns/include/dst/gssapi.h index e30fb0c..446b76d 100644 --- a/contrib/bind9/lib/dns/include/dst/gssapi.h +++ b/contrib/bind9/lib/dns/include/dst/gssapi.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,16 +15,32 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: gssapi.h,v 1.1.6.3 2005/04/29 00:16:28 marka Exp $ */ +/* $Id: gssapi.h,v 1.9.332.2 2009/01/18 23:47:41 tbox Exp $ */ #ifndef DST_GSSAPI_H #define DST_GSSAPI_H 1 -/*! \file */ +/*! \file dst/gssapi.h */ +#include <isc/formatcheck.h> #include <isc/lang.h> - +#include <isc/platform.h> #include <isc/types.h> +#include <dns/types.h> + +#ifdef GSSAPI +#ifdef _WINDOWS +/* + * MSVC does not like macros in #include lines. + */ +#include <gssapi/gssapi.h> +#else +#include ISC_PLATFORM_GSSAPIHEADER +#endif +#ifndef GSS_SPNEGO_MECHANISM +#define GSS_SPNEGO_MECHANISM ((void*)0) +#endif +#endif ISC_LANG_BEGINDECLS 
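Review bot: `dst_key_fromlabel` in the first hunk on this line is declared without the `/*%<` contract comment that the neighbouring prototypes carry, and it is the one constructor here that takes a credential (`const char *pin`). The header should state which of `engine`, `label` and `pin` may be NULL and whether the PIN string is copied or must stay valid after the call. It should also state the `keyp` precondition, presumably the same `"keyp" is not NULL and "*keyp" is NULL` as for `dst_key_fromgssapi`. The result.h hunk later in this diff adds `DST_R_NOENGINE`, but nothing in the header says which results this function can return, so a Returns section naming them would help callers separate a missing engine from a bad label or PIN.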
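Review bot: The fallback `#define GSS_SPNEGO_MECHANISM ((void*)0)` in the gssapi.h include hunk has no comment, and what it does is not obvious. In GSS-API a null mechanism OID asks the library for its default mechanism. Any caller that passes this macro as the mechanism would therefore silently negotiate something other than SPNEGO when the platform header lacks the symbol. I would put `/* No SPNEGO OID in this GSS library: a null OID selects the library's default mechanism. */` above the `#ifndef`, after checking how the callers, which are not in this diff, use the macro.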
@@ -37,20 +53,153 @@ ISC_LANG_BEGINDECLS ***/ isc_result_t -dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate, void **cred); +dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate, + gss_cred_id_t *cred); +/* + * Acquires GSS credentials. + * + * Requires: + * 'name' is a valid name, preferably one known by the GSS provider + * 'initiate' indicates whether the credentials are for initiating or + * accepting contexts + * 'cred' is a pointer to NULL, which will be allocated with the + * credential handle. Call dst_gssapi_releasecred to free + * the memory. + * + * Returns: + * ISC_R_SUCCESS msg was successfully updated to include the + * query to be sent + * other an error occurred while building the message + */ + +isc_result_t +dst_gssapi_releasecred(gss_cred_id_t *cred); +/* + * Releases GSS credentials. Calling this function does release the + * memory allocated for the credential in dst_gssapi_acquirecred() + * + * Requires: + * 'mctx' is a valid memory context + * 'cred' is a pointer to the credential to be released + * + * Returns: + * ISC_R_SUCCESS credential was released successfully + * other an error occurred while releaseing + * the credential + */ + +isc_result_t +dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken, + isc_buffer_t *outtoken, gss_ctx_id_t *gssctx); +/* + * Initiates a GSS context. 
+ * + * Requires: + * 'name' is a valid name, preferably one known by the GSS + * provider + * 'intoken' is a token received from the acceptor, or NULL if + * there isn't one + * 'outtoken' is a buffer to receive the token generated by + * gss_init_sec_context() to be sent to the acceptor + * 'context' is a pointer to a valid gss_ctx_id_t + * (which may have the value GSS_C_NO_CONTEXT) + * + * Returns: + * ISC_R_SUCCESS msg was successfully updated to include the + * query to be sent + * other an error occurred while building the message + */ isc_result_t -dst_gssapi_initctx(dns_name_t *name, void *cred, - isc_region_t *intoken, isc_buffer_t *outtoken, - void **context); +dst_gssapi_acceptctx(gss_cred_id_t cred, + isc_region_t *intoken, isc_buffer_t **outtoken, + gss_ctx_id_t *context, dns_name_t *principal, + isc_mem_t *mctx); +/* + * Accepts a GSS context. + * + * Requires: + * 'mctx' is a valid memory context + * 'cred' is the acceptor's valid GSS credential handle + * 'intoken' is a token received from the initiator + * 'outtoken' is a pointer a buffer pointer used to return the token + * generated by gss_accept_sec_context() to be sent to the + * initiator + * 'context' is a valid pointer to receive the generated context handle. + * On the initial call, it should be a pointer to NULL, which + * will be allocated as a gss_ctx_id_t. Subsequent calls + * should pass in the handle generated on the first call. + * Call dst_gssapi_releasecred to delete the context and free + * the memory. + * + * Requires: + * 'outtoken' to != NULL && *outtoken == NULL. + * + * Returns: + * ISC_R_SUCCESS msg was successfully updated to include the + * query to be sent + * other an error occurred while building the message + */ isc_result_t -dst_gssapi_acceptctx(dns_name_t *name, void *cred, - isc_region_t *intoken, isc_buffer_t *outtoken, - void **context); +dst_gssapi_deletectx(isc_mem_t *mctx, gss_ctx_id_t *gssctx); +/* + * Destroys a GSS context. 
This function deletes the context from the GSS + * provider and then frees the memory used by the context pointer. + * + * Requires: + * 'mctx' is a valid memory context + * 'context' is a valid GSS context + * + * Returns: + * ISC_R_SUCCESS + */ + + +void +gss_log(int level, const char *fmt, ...) +ISC_FORMAT_PRINTF(2, 3); +/* + * Logging function for GSS. + * + * Requires + * 'level' is the log level to be used, as an integer + * 'fmt' is a printf format specifier + */ + +char * +gss_error_tostring(isc_uint32_t major, isc_uint32_t minor, + char *buf, size_t buflen); +/* + * Render a GSS major status/minor status pair into a string + * + * Requires: + * 'major' is a GSS major status code + * 'minor' is a GSS minor status code + * + * Returns: + * A string containing the text representation of the error codes. + * Users should copy the string if they wish to keep it. + */ +isc_boolean_t +dst_gssapi_identitymatchesrealmkrb5(dns_name_t *signer, dns_name_t *name, + dns_name_t *realm); /* - * XXX + * Compare a "signer" (in the format of a Kerberos-format Kerberos5 + * principal: host/example.com@EXAMPLE.COM) to the realm name stored + * in "name" (which represents the realm name). + * + */ + +isc_boolean_t +dst_gssapi_identitymatchesrealmms(dns_name_t *signer, dns_name_t *name, + dns_name_t *realm); +/* + * Compare a "signer" (in the format of a Kerberos-format Kerberos5 + * principal: host/example.com@EXAMPLE.COM) to the realm name stored + * in "name" (which represents the realm name). + * */ ISC_LANG_ENDDECLS diff --git a/contrib/bind9/lib/dns/include/dst/lib.h b/contrib/bind9/lib/dns/include/dst/lib.h index bd71261..886575e 100644 --- a/contrib/bind9/lib/dns/include/dst/lib.h +++ b/contrib/bind9/lib/dns/include/dst/lib.h 
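Review bot: The comments on `dst_gssapi_identitymatchesrealmkrb5` and `dst_gssapi_identitymatchesrealmms` at the end of this gssapi.h hunk are word-for-word identical, and both describe `name` as the realm while leaving the `realm` parameter undocumented. Judging by their names these are identity checks that an authorization decision may rest on, so each comment should say what is compared with what, which principal format that variant accepts, and what `ISC_TRUE` means. The same copy-paste problem appears earlier in the hunk. `dst_gssapi_releasecred` lists a 'mctx' requirement for a parameter it does not take, and the Returns text for `dst_gssapi_acquirecred`, `dst_gssapi_initctx` and `dst_gssapi_acceptctx` talks about a "msg" being "updated to include the query". The `dst_gssapi_acceptctx` comment also tells callers to use `dst_gssapi_releasecred` to delete the context where `dst_gssapi_deletectx` is presumably meant, and it does not describe the `principal` output at all.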
@@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lib.h,v 1.1.6.3 2005/04/29 00:16:29 marka Exp $ */ +/* $Id: lib.h,v 1.7 2007/06/19 23:47:17 tbox Exp $ */ #ifndef DST_LIB_H #define DST_LIB_H 1 -/*! \file */ +/*! \file dst/lib.h */ #include <isc/types.h> #include <isc/lang.h> diff --git a/contrib/bind9/lib/dns/include/dst/result.h b/contrib/bind9/lib/dns/include/dst/result.h index aa03b73..d77b72e 100644 --- a/contrib/bind9/lib/dns/include/dst/result.h +++ b/contrib/bind9/lib/dns/include/dst/result.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: result.h,v 1.1.6.3 2005/04/29 00:16:29 marka Exp $ */ +/* $Id: result.h,v 1.9 2008/04/01 23:47:10 tbox Exp $ */ #ifndef DST_RESULT_H #define DST_RESULT_H 1 -/*! \file */ +/*! \file dst/result.h */ #include <isc/lang.h> #include <isc/resultclass.h> 
@@ -54,8 +54,9 @@ #define DST_R_COMPUTESECRETFAILURE (ISC_RESULTCLASS_DST + 18) #define DST_R_NORANDOMNESS (ISC_RESULTCLASS_DST + 19) #define DST_R_BADKEYTYPE (ISC_RESULTCLASS_DST + 20) +#define DST_R_NOENGINE (ISC_RESULTCLASS_DST + 21) -#define DST_R_NRESULTS 21 /* Number of results */ +#define DST_R_NRESULTS 22 /* Number of results */ ISC_LANG_BEGINDECLS |