Merge branch 'v9_9' of ssh://repo.isc.org/proj/git/prod/bind9 into v9_9

Tinderbox User 2013-01-04 01:10:43 +00:00
commit c53da0f5d9
127 changed files with 2712 additions and 1137 deletions

47
CHANGES

@ -1,3 +1,50 @@
3449. [bug] gen.c: use the pre-processor to construct format
strings so that compiler can perform sanity checks;
check the snprintf results. [RT #17576]
3448. [bug] The allow-query-on ACL was not processed correctly.
[RT #29486]
3447. [port] Add support for libxml2-2.9.x [RT #32231]
3446. [port] win32: Add source ID (see change #3400) to build.
[RT #31683]
3445. [bug] Reject zone files with blank owner names immediately
after $ORIGIN directives. [RT #31848]
3444. [bug] The NOQNAME proof was not being returned from cached
insecure responses. [RT #21409]
3443. [bug] ddns-confgen: Some TSIG algorithms were incorrectly
rejected when generating keys. [RT #31927]
3442. [port] Net::DNS 0.69 introduced a non backwards compatible
change. [RT #32216]
3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13.
3440. [bug] Reorder get_key_struct to not trigger a assertion when
cleaning up due to out of memory error. [RT #32131]
3439. [bug] contrib/dlz error checking fixes. [RT #32102]
3438. [bug] Don't accept unknown data escape in quotes. [RT #32031]
3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialise
buffers with constant data. [RT #32064]
3436. [bug] Check malloc/calloc return values. [RT #32088]
3435. [bug] Cross compilation support in configure was broken.
[RT #32078]
3431. [bug] ddns-confgen: Some valid key algorithms were
not accepted. [RT #31927]
3430. [bug] win32: isc_time_formatISO8601 was missing the
'T' between the date and time. [RT #32044]
3429. [bug] dns_zone_getserial2 could a return success without
returning a valid serial. [RT #32007]


@ -1,4 +1,4 @@
Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 1996-2003 Internet Software Consortium.
Permission to use, copy, modify, and/or distribute this software for any


@ -600,7 +600,7 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
dns_zone_settype(zone, dns_zone_master);
isc_buffer_init(&buffer, zonename, strlen(zonename));
isc_buffer_constinit(&buffer, zonename, strlen(zonename));
isc_buffer_add(&buffer, strlen(zonename));
dns_fixedname_init(&fixorigin);
origin = dns_fixedname_name(&fixorigin);


@ -1,5 +1,5 @@
/*
* Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -126,6 +126,7 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
switch (alg) {
case DST_ALG_HMACMD5:
case DST_ALG_HMACSHA512:
if (keysize < 1 || keysize > 512)
fatal("keysize %d out of range (must be 1-512)\n",
keysize);
@ -135,6 +136,21 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
fatal("keysize %d out of range (must be 1-256)\n",
keysize);
break;
case DST_ALG_HMACSHA1:
if (keysize < 1 || keysize > 160)
fatal("keysize %d out of range (must be 1-160)\n",
keysize);
break;
case DST_ALG_HMACSHA224:
if (keysize < 1 || keysize > 224)
fatal("keysize %d out of range (must be 1-224)\n",
keysize);
break;
case DST_ALG_HMACSHA384:
if (keysize < 1 || keysize > 384)
fatal("keysize %d out of range (must be 1-384)\n",
keysize);
break;
default:
fatal("unsupported algorithm %d\n", alg);
}
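Review bot: The added cases for DST_ALG_HMACSHA1, DST_ALG_HMACSHA224 and DST_ALG_HMACSHA384 keep the lower bound of 1 used by the existing cases, so generate_key still accepts a one-bit HMAC key, which provides no meaningful authentication. RFC 2104 discourages keys shorter than the hash output length, so consider a higher floor or a warning, or at least a comment above the switch such as `/* lower bound of 1 kept for compatibility; short keys are weak */`. The range checks differ only in their maximum, so a small per-algorithm table of maxima would remove the repetition. generate_key starts and ends outside the hunks shown.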


@ -259,7 +259,7 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
time(&tnow);
tmnow = *localtime(&tnow);
if (strftime(time_str, sizeof(time_str),
"%a %b %d %T %Z %Y", &tmnow) > 0)
"%a %b %d %T %Z %Y", &tmnow) > 0U)
printf(";; WHEN: %s\n", time_str);
if (query->lookup->doing_xfr) {
printf(";; XFR size: %u records (messages %u, "


@ -720,6 +720,8 @@ hashlist_add(hashlist_t *l, const unsigned char *hash, size_t len)
if (l->entries == l->size) {
l->size = l->size * 2 + 100;
l->hashbuf = realloc(l->hashbuf, l->size * l->length);
if (l->hashbuf == NULL)
fatal("unable to grow hashlist: out of memory");
}
memset(l->hashbuf + l->entries * l->length, 0, l->length);
memcpy(l->hashbuf + l->entries * l->length, hash, len);
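Review bot: The added NULL check covers allocation failure, but the size passed to realloc, `l->size * l->length`, is still computed without an overflow check, and the memcpy below it copies `len` bytes into a slot that the preceding memset treats as `l->length` bytes wide. Nothing visible in the hunk bounds `len` by `l->length`; if callers do not already guarantee it, an assertion such as `INSIST(len <= l->length);` before the memcpy would make the contract explicit. Assigning the realloc result straight to `l->hashbuf` is acceptable only because fatal() presumably does not return. hashlist_add starts and ends outside the hunk.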


@ -2510,10 +2510,10 @@ ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
return (ISC_R_SUCCESS);
cleanup_listlock:
isc_mutex_destroy(&manager->listlock);
(void) isc_mutex_destroy(&manager->listlock);
cleanup_lock:
isc_mutex_destroy(&manager->lock);
(void) isc_mutex_destroy(&manager->lock);
cleanup_manager:
isc_mem_put(manager->mctx, manager, sizeof(*manager));


@ -657,7 +657,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
dns_name_init(keys[i - 1], NULL);
keystr = cfg_obj_asstring(key);
isc_buffer_init(&b, keystr, strlen(keystr));
isc_buffer_constinit(&b, keystr, strlen(keystr));
isc_buffer_add(&b, strlen(keystr));
dns_fixedname_init(&fname);
result = dns_name_fromtext(dns_fixedname_name(&fname), &b,


@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -368,7 +368,7 @@ ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres,
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
isc_buffer_init(&namebuf, searchstr,
isc_buffer_constinit(&namebuf, searchstr,
strlen(searchstr));
isc_buffer_add(&namebuf, strlen(searchstr));
result = dns_name_fromtext(name, &namebuf,


@ -682,7 +682,7 @@ query_validatezonedb(ns_client_t *client, dns_name_t *name,
dns_dbversion_t **versionp)
{
isc_result_t result;
dns_acl_t *queryacl;
dns_acl_t *queryacl, *queryonacl;
ns_dbversion_t *dbversion;
REQUIRE(zone != NULL);
@ -794,6 +794,21 @@ query_validatezonedb(ns_client_t *client, dns_name_t *name,
client->query.attributes |= NS_QUERYATTR_QUERYOKVALID;
}
/* If and only if we've gotten this far, check allow-query-on too */
if (result == ISC_R_SUCCESS) {
queryonacl = dns_zone_getqueryonacl(zone);
if (queryonacl == NULL)
queryonacl = client->view->queryonacl;
result = ns_client_checkaclsilent(client, NULL,
queryonacl, ISC_TRUE);
if ((options & DNS_GETDB_NOLOG) == 0 &&
result != ISC_R_SUCCESS)
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
NS_LOGMODULE_QUERY, ISC_LOG_INFO,
"query-on denied");
}
dbversion->acl_checked = ISC_TRUE;
if (result != ISC_R_SUCCESS) {
dbversion->queryok = ISC_FALSE;
@ -4211,6 +4226,8 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
REQUIRE(nodep != NULL);
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client);
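Review bot: In the added allow-query-on block of query_validatezonedb, `ns_client_checkaclsilent(client, NULL, queryonacl, ISC_TRUE)` passes NULL as the address argument. allow-query-on is meant to match the local address a query was received on; if a NULL address makes the helper fall back to the client's source address, this check would repeat the allow-query test instead of enforcing the destination restriction. Please confirm the helper's contract and, if that is the case, pass the destination address explicitly (presumably `&client->destaddr`, to be verified against ns_client_t). The denial message `"query-on denied"` also names neither the zone nor the ACL, which leaves an operator little to correlate in the security log. The function body extends beyond the hunks shown.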


@ -523,7 +523,7 @@ configure_view_nametable(const cfg_obj_t *vconfig, const cfg_obj_t *config,
element = cfg_list_next(element)) {
nameobj = cfg_listelt_value(element);
str = cfg_obj_asstring(nameobj);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
/*
@ -640,7 +640,7 @@ dstkey_fromconfig(const cfg_obj_t *vconfig, const cfg_obj_t *key,
keystruct.common.rdtype,
&keystruct, &rrdatabuf));
dns_fixedname_init(&fkeyname);
isc_buffer_init(&namebuf, keynamestr, strlen(keynamestr));
isc_buffer_constinit(&namebuf, keynamestr, strlen(keynamestr));
isc_buffer_add(&namebuf, strlen(keynamestr));
CHECK(dns_name_fromtext(keyname, &namebuf, dns_rootname, 0, NULL));
CHECK(dst_key_fromdns(keyname, viewclass, &rrdatabuf,
@ -910,7 +910,7 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver) {
{
obj = cfg_listelt_value(element);
str = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
value = cfg_obj_asboolean(cfg_tuple_get(obj, "value"));
@ -1063,7 +1063,7 @@ configure_order(dns_order_t *order, const cfg_obj_t *ent) {
else
str = "*";
addroot = ISC_TF(strcmp(str, "*") == 0);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
dns_fixedname_init(&fixed);
result = dns_name_fromtext(dns_fixedname_name(&fixed), &b,
@ -1249,7 +1249,7 @@ disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) {
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
str = cfg_obj_asstring(cfg_tuple_get(disabled, "name"));
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
@ -1301,7 +1301,7 @@ on_disable_list(const cfg_obj_t *disablelist, dns_name_t *zonename) {
{
value = cfg_listelt_value(element);
str = cfg_obj_asstring(value);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
result = dns_name_fromtext(name, &b, dns_rootname,
0, NULL);
@ -1485,7 +1485,7 @@ dns64_reverse(dns_view_t *view, isc_mem_t *mctx, isc_netaddr_t *na,
dns64_dbtype[3] = contact;
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
isc_buffer_init(&b, reverse, strlen(reverse));
isc_buffer_constinit(&b, reverse, strlen(reverse));
isc_buffer_add(&b, strlen(reverse));
CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
CHECK(dns_zone_create(&zone, mctx));
@ -2734,7 +2734,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
obj = cfg_listelt_value(element);
str = cfg_obj_asstring(cfg_tuple_get(obj,
"trust-anchor"));
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
dlv = dns_fixedname_name(&view->dlv_fixed);
CHECK(dns_name_fromtext(dlv, &b, dns_rootname,
@ -2787,7 +2787,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
element = cfg_list_next(element)) {
exclude = cfg_listelt_value(element);
str = cfg_obj_asstring(exclude);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
CHECK(dns_name_fromtext(name, &b, dns_rootname,
0, NULL));
@ -2837,7 +2837,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
result = ns_config_get(maps, "empty-server", &obj);
if (result == ISC_R_SUCCESS) {
str = cfg_obj_asstring(obj);
isc_buffer_init(&buffer, str, strlen(str));
isc_buffer_constinit(&buffer, str, strlen(str));
isc_buffer_add(&buffer, strlen(str));
CHECK(dns_name_fromtext(name, &buffer, dns_rootname, 0,
NULL));
@ -2852,7 +2852,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
result = ns_config_get(maps, "empty-contact", &obj);
if (result == ISC_R_SUCCESS) {
str = cfg_obj_asstring(obj);
isc_buffer_init(&buffer, str, strlen(str));
isc_buffer_constinit(&buffer, str, strlen(str));
isc_buffer_add(&buffer, strlen(str));
CHECK(dns_name_fromtext(name, &buffer, dns_rootname, 0,
NULL));
@ -2875,7 +2875,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
dns_forwarders_t *forwarders = NULL;
dns_view_t *pview = NULL;
isc_buffer_init(&buffer, empty, strlen(empty));
isc_buffer_constinit(&buffer, empty, strlen(empty));
isc_buffer_add(&buffer, strlen(empty));
/*
* Look for zone on drop list.
@ -3102,7 +3102,7 @@ configure_alternates(const cfg_obj_t *config, dns_view_t *view,
isc_buffer_t buffer;
in_port_t myport = port;
isc_buffer_init(&buffer, str, strlen(str));
isc_buffer_constinit(&buffer, str, strlen(str));
isc_buffer_add(&buffer, strlen(str));
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
@ -3366,7 +3366,7 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
* Get the zone origin as a dns_name_t.
*/
zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
isc_buffer_init(&buffer, zname, strlen(zname));
isc_buffer_constinit(&buffer, zname, strlen(zname));
isc_buffer_add(&buffer, strlen(zname));
dns_fixedname_init(&fixorigin);
CHECK(dns_name_fromtext(dns_fixedname_name(&fixorigin),
@ -4256,7 +4256,7 @@ configure_session_key(const cfg_obj_t **maps, ns_server_t *server,
INSIST(result == ISC_R_SUCCESS);
keynamestr = cfg_obj_asstring(obj);
dns_fixedname_init(&fname);
isc_buffer_init(&buffer, keynamestr, strlen(keynamestr));
isc_buffer_constinit(&buffer, keynamestr, strlen(keynamestr));
isc_buffer_add(&buffer, strlen(keynamestr));
keyname = dns_fixedname_name(&fname);
result = dns_name_fromtext(keyname, &buffer, dns_rootname, 0, NULL);
@ -6076,7 +6076,7 @@ zone_from_args(ns_server_t *server, char *args, const char *zonetxt,
viewtxt = next_token(&input, " \t");
}
isc_buffer_init(&buf, zonetxt, strlen(zonetxt));
isc_buffer_constinit(&buf, zonetxt, strlen(zonetxt));
isc_buffer_add(&buf, strlen(zonetxt));
dns_fixedname_init(&name);
result = dns_name_fromtext(dns_fixedname_name(&name),
@ -7013,7 +7013,7 @@ ns_server_flushnode(ns_server_t *server, char *args, isc_boolean_t tree) {
if (target == NULL)
return (ISC_R_UNEXPECTEDEND);
isc_buffer_init(&b, target, strlen(target));
isc_buffer_constinit(&b, target, strlen(target));
isc_buffer_add(&b, strlen(target));
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
@ -7686,7 +7686,7 @@ ns_server_add_zone(ns_server_t *server, char *args) {
CHECK(cfg_map_get(config, "addzone", &parms));
zonename = cfg_obj_asstring(cfg_tuple_get(parms, "name"));
isc_buffer_init(&buf, zonename, strlen(zonename));
isc_buffer_constinit(&buf, zonename, strlen(zonename));
isc_buffer_add(&buf, strlen(zonename));
dns_name_init(&dnsname, NULL);
isc_buffer_allocate(server->mctx, &nbuf, 256);


@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007, 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -73,7 +73,7 @@ ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
if (result == ISC_R_SUCCESS) {
s = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
n = cfg_obj_asuint32(cfg_tuple_get(obj, "keyid"));
isc_buffer_init(&b, s, strlen(s));
isc_buffer_constinit(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
@ -87,7 +87,7 @@ ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
result = cfg_map_get(options, "tkey-domain", &obj);
if (result == ISC_R_SUCCESS) {
s = cfg_obj_asstring(obj);
isc_buffer_init(&b, s, strlen(s));
isc_buffer_constinit(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
@ -106,7 +106,7 @@ ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
if (result == ISC_R_SUCCESS) {
s = cfg_obj_asstring(obj);
isc_buffer_init(&b, s, strlen(s));
isc_buffer_constinit(&b, s, strlen(s));
isc_buffer_add(&b, strlen(s));
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);


@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -78,7 +78,7 @@ add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring,
* Create the key name.
*/
dns_name_init(&keyname, NULL);
isc_buffer_init(&keynamesrc, keyid, strlen(keyid));
isc_buffer_constinit(&keynamesrc, keyid, strlen(keyid));
isc_buffer_add(&keynamesrc, strlen(keyid));
isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata));
ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,


@ -56,6 +56,7 @@
typedef enum {
allow_notify,
allow_query,
allow_query_on,
allow_transfer,
allow_update,
allow_update_forwarding
@ -104,6 +105,11 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
aclp = &view->queryacl;
aclname = "allow-query";
break;
case allow_query_on:
if (view != NULL)
aclp = &view->queryonacl;
aclname = "allow-query-on";
break;
case allow_transfer:
if (view != NULL)
aclp = &view->transferacl;
@ -269,7 +275,7 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone,
dns_fixedname_init(&fident);
str = cfg_obj_asstring(identity);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
result = dns_name_fromtext(dns_fixedname_name(&fident), &b,
dns_rootname, 0, NULL);
@ -292,7 +298,7 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone,
}
} else {
str = cfg_obj_asstring(dname);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
result = dns_name_fromtext(dns_fixedname_name(&fname),
&b, dns_rootname, 0, NULL);
@ -525,7 +531,7 @@ configure_staticstub_servernames(const cfg_obj_t *zconfig, dns_zone_t *zone,
dns_fixedname_init(&fixed_name);
nsname = dns_fixedname_name(&fixed_name);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
result = dns_name_fromtext(nsname, &b, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS) {
@ -970,6 +976,11 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
dns_zone_setqueryacl,
dns_zone_clearqueryacl));
RETERR(configure_zone_acl(zconfig, vconfig, config,
allow_query_on, ac, zone,
dns_zone_setqueryonacl,
dns_zone_clearqueryonacl));
obj = NULL;
result = ns_config_get(maps, "dialup", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);


@ -1,4 +1,4 @@
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@ -12,6 +12,8 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id$
srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@


@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@ -17,6 +17,8 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id$ -->
<refentry id="man.dnssec-checkds">
<refentryinfo>
<date>April 11, 2012</date>
@ -36,6 +38,7 @@
<docinfo>
<copyright>
<year>2012</year>
<year>2013</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>


@ -1,6 +1,6 @@
#!@PYTHON@
############################################################################
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@ -15,6 +15,8 @@
# PERFORMANCE OF THIS SOFTWARE.
############################################################################
# $Id$
import argparse
import pprint
import os


@ -245,7 +245,7 @@ lookup(const char *target) {
INSIST(target != NULL);
client = new_client();
isc_buffer_init(&t, target, strlen(target));
isc_buffer_constinit(&t, target, strlen(target));
isc_buffer_add(&t, strlen(target));
isc_buffer_init(&namebuf, namedata, sizeof(namedata));
dns_name_init(&name, NULL);


@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2005, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -58,7 +58,7 @@ t_create(const char *db_type, const char *origin, const char *class,
dns_fixedname_init(&dns_origin);
len = strlen(origin);
isc_buffer_init(&origin_buffer, origin, len);
isc_buffer_constinit(&origin_buffer, origin, len);
isc_buffer_add(&origin_buffer, len);
dns_result = dns_name_fromtext(dns_fixedname_name(&dns_origin),
&origin_buffer, NULL, 0, NULL);


@ -261,7 +261,7 @@ load(const char *filename, const char *origintext, isc_boolean_t cache) {
ISC_LINK_INIT(dbi, link);
len = strlen(origintext);
isc_buffer_init(&source, origintext, len);
isc_buffer_constinit(&source, origintext, len);
isc_buffer_add(&source, len);
dns_fixedname_init(&forigin);
origin = dns_fixedname_name(&forigin);


@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -54,7 +54,7 @@ use(dst_key_t *key, isc_mem_t *mctx) {
*/
isc_buffer_add(&sigbuf, 1);
isc_buffer_init(&databuf, data, strlen(data));
isc_buffer_constinit(&databuf, data, strlen(data));
isc_buffer_add(&databuf, strlen(data));
isc_buffer_usedregion(&databuf, &datareg);
@ -262,7 +262,7 @@ main(void) {
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
isc_buffer_init(&b, "test.", 5);
isc_buffer_constinit(&b, "test.", 5);
isc_buffer_add(&b, 5);
result = dns_name_fromtext(name, &b, NULL, 0, NULL);
if (result != ISC_R_SUCCESS)
@ -274,7 +274,7 @@ main(void) {
io(name, 49667, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io(name, 2, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
isc_buffer_init(&b, "dh.", 3);
isc_buffer_constinit(&b, "dh.", 3);
isc_buffer_add(&b, 3);
result = dns_name_fromtext(name, &b, NULL, 0, NULL);
if (result != ISC_R_SUCCESS)


@ -104,7 +104,7 @@ use(dst_key_t *key, isc_mem_t *mctx, isc_result_t exp_result, int *nfails) {
dst_context_t *ctx = NULL;
isc_buffer_init(&sigbuf, sig, sizeof(sig));
isc_buffer_init(&databuf, data, strlen(data));
isc_buffer_constinit(&databuf, data, strlen(data));
isc_buffer_add(&databuf, strlen(data));
isc_buffer_usedregion(&databuf, &datareg);
@ -466,7 +466,7 @@ t1(void) {
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
isc_buffer_init(&b, "test.", 5);
isc_buffer_constinit(&b, "test.", 5);
isc_buffer_add(&b, 5);
isc_result = dns_name_fromtext(name, &b, NULL, 0, NULL);
if (isc_result != ISC_R_SUCCESS) {
@ -488,7 +488,7 @@ t1(void) {
io(name, 2, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, DST_R_NULLKEY, &nfails, &nprobs);
isc_buffer_init(&b, "dh.", 3);
isc_buffer_constinit(&b, "dh.", 3);
isc_buffer_add(&b, 3);
isc_result = dns_name_fromtext(name, &b, NULL, 0, NULL);
if (isc_result != ISC_R_SUCCESS) {
@ -750,7 +750,7 @@ t2_sigchk(char *datapath, char *sigpath, char *keyname,
*/
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
isc_buffer_init(&b, keyname, strlen(keyname));
isc_buffer_constinit(&b, keyname, strlen(keyname));
isc_buffer_add(&b, strlen(keyname));
isc_result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL);
if (isc_result != ISC_R_SUCCESS) {


@ -2194,7 +2194,8 @@ static const char *a52 =
static int
test_dns_name_towire(char *testname, unsigned int dc_method, char *exp_data,
int exp_data_len, isc_result_t exp_result, size_t buflen)
size_t exp_data_len, isc_result_t exp_result,
size_t buflen)
{
int result;
int val;
@ -2263,6 +2264,7 @@ t_dns_name_towire_x(const char *testfile, size_t buflen) {
int result;
unsigned int dc_method;
isc_result_t exp_result;
size_t exp_data_len;
char *p;
FILE *fp;
@ -2292,11 +2294,12 @@ t_dns_name_towire_x(const char *testfile, size_t buflen) {
dc_method = t_dc_method_fromtext(Tokens[3]);
exp_result = t_dns_result_fromtext(Tokens[4]);
exp_data_len = strtoul(Tokens[3], NULL, 10);
result = test_dns_name_towire(Tokens[0],
dc_method,
Tokens[2],
atoi(Tokens[3]),
exp_data_len,
exp_result,
buflen);
} else {
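Review bot: `exp_data_len = strtoul(Tokens[3], NULL, 10);` in t_dns_name_towire_x replaces atoi() but still discards the end pointer, so a non-numeric token silently becomes 0 and an out-of-range one becomes ULONG_MAX. Since the value is passed on as the expected data length, parse with an end pointer and reject the line when nothing was consumed, e.g. `exp_data_len = strtoul(Tokens[3], &end, 10);` followed by a check of `end == Tokens[3] || *end != '\0'`. The same Tokens[3] is also given to t_dc_method_fromtext() two lines above, which may be an index mix-up carried over from the old code; worth confirming against the test data format. Both functions extend beyond the hunks shown.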


@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -261,7 +261,7 @@ main(int argc, char *argv[]) {
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
isc_buffer_init(&b, "child.example.", strlen("child.example."));
isc_buffer_constinit(&b, "child.example.", strlen("child.example."));
isc_buffer_add(&b, strlen("child.example."));
result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL);
CHECK("dns_name_fromtext", result);


@ -0,0 +1,47 @@
/*
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
controls { /* empty */ };
options {
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion no;
};
include "../../common/controls.conf";
view "internal" {
allow-query-on { any; };
zone "." {
type hint;
file "../../common/root.hint";
};
zone "normal.example" {
type master;
file "normal.db";
};
zone "aclnotallow.example" {
type master;
file "aclnotallow.db";
allow-query-on { none; };
};
};


@ -612,6 +612,23 @@ grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
# Test 57 - zones over views, zones disallow, query refused (allow-query-on)
n=`expr $n + 1`
cp -f ns2/named57.conf ns2/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
sleep 5
echo "I:test $n: zones over views, allow-query-on"
ret=0
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.1.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.1.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.1.$n > /dev/null || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a > dig.out.ns2.2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.2.$n > /dev/null || ret=1
grep '^a.aclnotallow.example' dig.out.ns2.2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status"
exit $status
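Review bot: Test 57 cannot tell a destination-address match from a source-address match: both dig calls use `-b 10.53.0.2` against `@10.53.0.2`, and the ACLs it exercises (`any` on the view and `none` on the zone, in what appears to be the named57.conf added by this commit) give the same answer for either address. A case where allow-query-on lists only one listening address, queried once on that address and once on another, would pin the intended semantics. The fixed `sleep 5` after `rndc reload` is also timing-dependent; polling until the reload has completed would be more reliable.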


@ -107,9 +107,16 @@ $SIG{TERM} = \&rmpid;
my @rules;
sub handleUDP {
my ($buf) = @_;
my $request;
my ($request, $err) = new Net::DNS::Packet(\$buf, 0);
$err and die $err;
if ($Net::DNS::VERSION > 0.68) {
$request = new Net::DNS::Packet(\$buf, 0);
$@ and die $@;
} else {
my $err;
($request, $err) = new Net::DNS::Packet(\$buf, 0);
$err and die $err;
}
my @questions = $request->question;
my $qname = $questions[0]->qname;
@ -155,11 +162,13 @@ sub handleUDP {
# function will attempt to decrement it,
# which is incorrect in a response. Finally
# we set request_mac to the previous digest.
$packet->{"compnames"} = {};
$packet->{"header"}{"arcount"} += 1;
$packet->{"compnames"} = {}
if ($Net::DNS::VERSION < 0.70);
$packet->{"header"}{"arcount"} += 1
if ($Net::DNS::VERSION < 0.70);
if (defined($prev_tsig)) {
my $rmac = pack('n H*',
$prev_tsig->mac_size,
length($prev_tsig->mac)/2,
$prev_tsig->mac);
$tsig->{"request_mac"} =
unpack("H*", $rmac);
@ -288,9 +297,16 @@ sub sign_tcp_continuation {
sub handleTCP {
my ($buf) = @_;
my $request;
my ($request, $err) = new Net::DNS::Packet(\$buf, 0);
$err and die $err;
if ($Net::DNS::VERSION > 0.68) {
$request = new Net::DNS::Packet(\$buf, 0);
$@ and die $@;
} else {
my $err;
($request, $err) = new Net::DNS::Packet(\$buf, 0);
$err and die $err;
}
my @questions = $request->question;
my $qname = $questions[0]->qname;
@ -306,6 +322,7 @@ sub handleTCP {
# get the existing signature if any, and clear the additional section
my $prev_tsig;
my $signer;
my $continuation = 0;
while (my $rr = $request->pop("additional")) {
if ($rr->type eq "TSIG") {
$prev_tsig = $rr;
@ -342,19 +359,25 @@ sub handleTCP {
# function will attempt to decrement it,
# which is incorrect in a response. Finally
# we set request_mac to the previous digest.
$packet->{"compnames"} = {};
$packet->{"header"}{"arcount"} += 1;
$packet->{"compnames"} = {}
if ($Net::DNS::VERSION < 0.70);
$packet->{"header"}{"arcount"} += 1
if ($Net::DNS::VERSION < 0.70);
if (defined($prev_tsig)) {
my $rmac = pack('n H*',
$prev_tsig->mac_size,
length($prev_tsig->mac)/2,
$prev_tsig->mac);
$tsig->{"request_mac"} =
unpack("H*", $rmac);
}
$tsig->sign_func($signer) if defined($signer);
$tsig->continuation($continuation)
if ($Net::DNS::VERSION >= 0.71);
$packet->sign_tsig($tsig);
$signer = \&sign_tcp_continuation;
$signer = \&sign_tcp_continuation
if ($Net::DNS::VERSION < 0.70);
$continuation = 1;
my $copy =
Net::DNS::Packet->new(\($packet->data));
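Review bot: In both handleUDP and handleTCP the new-API branch detects a parse failure with `$@ and die $@;`, which tests a global that may still hold a message from an earlier eval and never checks that a packet was actually returned. Testing the result is safer: `defined($request) or die $@;`. The version gates are also uneven (`> 0.68`, `< 0.70`, `>= 0.71`), so with exactly 0.70 neither the sign_func assignment nor the continuation() call applies to later TCP messages; a short comment stating whether that is intended would help. Comparing `$Net::DNS::VERSION` numerically assumes it is always a plain decimal.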


@ -52,3 +52,4 @@ rm -f ns3/nozsk.example.db ns3/inaczsk.example.db
rm -f ns3/ttl*.db
rm -f signing.out.*
rm -f ns3/*.nzf
rm -f digcomp.out.test*


@ -240,13 +240,18 @@ $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 sync 2>&1 | sed 's/^/I:ns2 /'
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 sync 2>&1 | sed 's/^/I:ns3 /'
echo "I:checking expired signatures were updated ($n)"
ret=0
$DIG $DIGOPTS +noauth a.oldsigs.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth a.oldsigs.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
for i in 1 2 3 4 5 6 7 8 9
do
ret=0
$DIG $DIGOPTS +noauth a.oldsigs.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS +noauth a.oldsigs.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n > digcomp.out.test$n || ret=1
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
[ $ret = 0 ] && break
sleep 1
done
if [ $ret != 0 ]; then cat digcomp.out.test$n; echo "I:failed"; fi
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:checking NSEC->NSEC3 conversion succeeded ($n)"


@ -1,4 +1,4 @@
; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
; Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
; Copyright (C) 2001 Internet Software Consortium.
;
; Permission to use, copy, modify, and/or distribute this software for any
@ -606,7 +606,6 @@ NS0 IN A 202.12.30.131
ns1 IN A 202.12.30.33
$ORIGIN WIDE.AD.JP.
NS IN A 203.178.136.63
$ORIGIN co.JP.
IN MX 10 integra.s-integra.co.jp.
$ORIGIN s-integra.co.JP.
integra IN A 210.162.202.34
@ -1175,7 +1174,6 @@ $ORIGIN ADVSYS.CO.UK.
BARNEY IN A 194.72.124.2
$ORIGIN WR.UMIST.AC.UK.
AARDVARK IN A 130.88.146.3
$ORIGIN UCL.AC.UK.
IN A 128.16.5.31
IN MX 10 bells.cs.ucl.ac.uk.
IN MX 11 haig.cs.ucl.ac.uk.


@ -1,5 +1,5 @@
/*
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,6 +14,8 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id$ */
/*
* Missing master in also-notify clause.
*/


@ -1,5 +1,5 @@
/*
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,6 +14,8 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id$ */
zone not-inline {
type slave;
masters { 127.0.0.1; };


@ -1,5 +1,5 @@
/*
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,6 +14,8 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id$ */
/* Bad secret */
key "badtsig" {
algorithm hmac-md5;


@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@ -14,4 +14,6 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id$
rm -f checkds.*


@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@ -14,6 +14,8 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id$
while [ "$#" != 0 ]; do
case $1 in


@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@ -14,4 +14,6 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id$
sh clean.sh


@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@ -14,6 +14,8 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id$
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh


@ -61,7 +61,8 @@ SUBDIRS="acl allow_query addzone autosign builtin cacheclean checkconf
logfileconfig lwresd masterfile masterformat metadata notify
nsupdate pending pkcs11 redirect resolver rndc rpz rrsetorder
rsabigexponent sortlist smartsign staticstub stub tkey tsig
tsiggss unknown upforwd verify views xfer xferquota zonechecks"
tsiggss unknown upforwd verify views wildcard xfer xferquota
zonechecks"
# PERL will be an empty string if no perl interpreter was found.
PERL=@PERL@


@ -5,7 +5,6 @@ a.include. 300 IN A 10.0.0.99
a.a.include. 300 IN A 10.0.1.1
b.foo.a.include. 300 IN A 10.0.2.2
b.include. 300 IN A 10.0.0.2
b.include. 300 IN A 10.0.0.99
a.b.include. 300 IN A 10.0.1.1
c.b.include. 300 IN A 10.0.0.3
b.foo.b.include. 300 IN A 10.0.2.2


@ -1,4 +1,4 @@
; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
; Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
; Copyright (C) 2001 Internet Software Consortium.
;
; Permission to use, copy, modify, and/or distribute this software for any
@ -37,5 +37,5 @@ b A 10.0.0.2
$ORIGIN b
$INCLUDE sub.db
; use the current domain name
A 10.0.0.99
; A 10.0.0.99
c A 10.0.0.3


@ -22,7 +22,9 @@
#
rm -f ns1/*.jnl ns2/*.jnl
rm -f ns1/example.db ns1/unixtime.db ns1/update.db ns1/other.db ns1/ddns.key
rm -f ns1/example.db ns1/unixtime.db ns1/update.db ns1/other.db ns1/keytests.db
rm -f ns1/md5.key ns1/sha1.key ns1/sha224.key ns1/sha256.key ns1/sha384.key
rm -f ns1/sha512.key ns1/ddns.key
rm -f nsupdate.out
rm -f random.data
rm -f ns2/example.bk


@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2005, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -63,7 +63,7 @@ zone "other.nil" {
file "other.db";
check-integrity no;
update-policy local;
allow-query-on { 127.0.0.1; };
allow-query-on { 10.53.0.1; 127.0.0.1; };
allow-transfer { any; };
};
@ -90,3 +90,22 @@ zone "unixtime.nil" {
serial-update-method unixtime;
};
include "md5.key";
include "sha1.key";
include "sha224.key";
include "sha256.key";
include "sha384.key";
include "sha512.key";
zone "keytests.nil" {
type master;
file "keytests.db";
update-policy {
grant md5-key name md5.keytests.nil. ANY;
grant sha1-key name sha1.keytests.nil. ANY;
grant sha224-key name sha224.keytests.nil. ANY;
grant sha256-key name sha256.keytests.nil. ANY;
grant sha384-key name sha384.keytests.nil. ANY;
grant sha512-key name sha512.keytests.nil. ANY;
};
};
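Review bot: The six new `include` lines and the `keytests.nil` zone have no comment saying where the key files come from or why `md5-key` and `sha1-key` are granted update rights. Someone auditing this config cannot tell that the weaker HMAC keys are there for algorithm coverage rather than as a recommended setup. I would add above the includes `/* One TSIG key per HMAC algorithm, created at test setup; used only by the TSIG algorithm check. */` (wording to be confirmed against the setup script, which is presumably the ddns-confgen section elsewhere in this commit). The widened `allow-query-on { 10.53.0.1; 127.0.0.1; };` in the `other.nil` zone would also benefit from a short comment naming the test that queries on 10.53.0.1.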


@ -31,6 +31,7 @@ rm -f ns3/example.db.jnl
cp -f ns1/example1.db ns1/example.db
sed 's/example.nil/other.nil/g' ns1/example1.db > ns1/other.db
sed 's/example.nil/unixtime.nil/g' ns1/example1.db > ns1/unixtime.db
sed 's/example.nil/keytests.nil/g' ns1/example1.db > ns1/keytests.db
cp -f ns3/example.db.in ns3/example.db
# update_test.pl has its own zone file because it
@ -53,4 +54,11 @@ EOF
../../../tools/genrandom 400 random.data
$DDNSCONFGEN -q -r random.data -z example.nil > ns1/ddns.key
$DDNSCONFGEN -q -r random.data -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
$DDNSCONFGEN -q -r random.data -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key
$DDNSCONFGEN -q -r random.data -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
$DDNSCONFGEN -q -r random.data -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
$DDNSCONFGEN -q -r random.data -a hmac-sha384 -k sha384-key -z keytests.nil > ns1/sha384.key
$DDNSCONFGEN -q -r random.data -a hmac-sha512 -k sha512-key -z keytests.nil > ns1/sha512.key
(cd ns3; sh -e sign.sh)
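Review bot: None of the six added `$DDNSCONFGEN` lines checks its exit status, so if ddns-confgen rejects an algorithm the redirect still creates an empty `ns1/<alg>.key`. The failure then surfaces later, presumably as a configuration load error in named rather than at the algorithm that failed. Appending `|| exit 1` to each call, e.g. `... -k md5-key -z keytests.nil > ns1/md5.key || exit 1`, would stop at the first rejected algorithm, assuming the harness honours a failing setup script. All six keys are also drawn from the same `random.data` through `-r`; that is fine for throwaway test keys, but a one-line comment saying so would keep the pattern from being copied into real key generation. The script continues outside both hunks.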


@ -41,113 +41,137 @@ while true; do
fi
done
ret=0
echo "I:fetching first copy of zone before update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
@10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1
@10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
ret=0
echo "I:fetching second copy of zone before update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
@10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1
@10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
ret=0
echo "I:comparing pre-update copies to known good data"
$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns1 || status=1
$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns2 || status=1
$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns1 || ret=1
$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
ret=0
echo "I:updating zone"
# nsupdate will print a ">" prompt to stdout as it gets each input line.
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || status=1
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add updated.example.nil. 600 A 10.10.10.1
add updated.example.nil. 600 TXT Foo
delete t.example.nil.
END
[ $ret = 0 ] || { echo I:failed; status=1; }
echo "I:sleeping 5 seconds for server to incorporate changes"
sleep 5
ret=0
echo "I:fetching first copy of zone after update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
@10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1
@10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
ret=0
echo "I:fetching second copy of zone after update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
@10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1
@10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
ret=0
echo "I:comparing post-update copies to known good data"
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || status=1
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns2 || status=1
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || ret=1
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
ret=0
echo "I:testing local update policy"
pre=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || status=1
[ -z "$pre" ] || status=1
pre=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || ret=1
[ -z "$pre" ] || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
ret=0
echo "I:updating zone"
# nsupdate will print a ">" prompt to stdout as it gets each input line.
$NSUPDATE -l -p 5300 -k ns1/session.key > /dev/null <<END || status=1
$NSUPDATE -l -p 5300 -k ns1/session.key > /dev/null <<END || ret=1
zone other.nil.
update add new.other.nil. 600 IN A 10.10.10.1
send
END
[ $ret = 0 ] || { echo I:failed; status=1; }
echo "I:sleeping 5 seconds for server to incorporate changes"
sleep 5
ret=0
echo "I:checking result of update"
post=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || status=1
[ "$post" = "10.10.10.1" ] || status=1
post=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || ret=1
[ "$post" = "10.10.10.1" ] || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
ret=0
echo "I:comparing post-update copy to known good data"
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || status=1
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
ret=0
echo "I:testing zone consistency checks"
# inserting an NS record without a corresponding A or AAAA record should fail
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END && status=1
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END && ret=1
update add other.nil. 600 in ns ns3.other.nil.
send
END
grep REFUSED nsupdate.out > /dev/null 2>&1 || status=1
grep REFUSED nsupdate.out > /dev/null 2>&1 || ret=1
# ...but should work if an A record is inserted first:
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || status=1
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1
update add ns4.other.nil 600 in a 10.53.0.1
send
update add other.nil. 600 in ns ns4.other.nil.
send
END
grep REFUSED nsupdate.out > /dev/null 2>&1 && status=1
grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1
# ...or if an AAAA record does:
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || status=1
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1
update add ns5.other.nil 600 in aaaa 2001:db8::1
send
update add other.nil. 600 in ns ns5.other.nil.
send
END
grep REFUSED nsupdate.out > /dev/null 2>&1 && status=1
grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1
# ...or if the NS and A/AAAA are inserted together:
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || status=1
$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1
update add other.nil. 600 in ns ns6.other.nil.
update add ns6.other.nil 600 in a 10.53.0.1
send
END
grep REFUSED nsupdate.out > /dev/null 2>&1 && status=1
grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
echo "I:sleeping 5 seconds for server to incorporate changes"
sleep 5
ret=0
echo "I:checking result of update"
$DIG +short @10.53.0.1 -p 5300 ns other.nil > dig.out.ns1 || status=1
grep ns3.other.nil dig.out.ns1 > /dev/null 2>&1 && status=1
grep ns4.other.nil dig.out.ns1 > /dev/null 2>&1 || status=1
grep ns5.other.nil dig.out.ns1 > /dev/null 2>&1 || status=1
grep ns6.other.nil dig.out.ns1 > /dev/null 2>&1 || status=1
$DIG +short @10.53.0.1 -p 5300 ns other.nil > dig.out.ns1 || ret=1
grep ns3.other.nil dig.out.ns1 > /dev/null 2>&1 && ret=1
grep ns4.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1
grep ns5.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1
grep ns6.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
ret=0
echo "I:check SIG(0) key is accepted"
key=`$KEYGEN -q -r random.data -a NSEC3RSASHA1 -b 512 -T KEY -n ENTITY xxx`
echo "" | $NSUPDATE -k ${key}.private > /dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then
echo "I:failed"
status=1
fi
[ $ret = 0 ] || { echo I:failed; status=1; }
n=`expr $n + 1`
ret=0
@ -158,12 +182,8 @@ $NSUPDATE <<END > nsupdate.out 2>&1 && ret=1
update add example.nil. in type0 ""
send
END
grep "unknown class/type" nsupdate.out > /dev/null 2>&1 ||
ret=1
if [ $ret -ne 0 ]; then
echo "I:failed"
status=1
fi
grep "unknown class/type" nsupdate.out > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
n=`expr $n + 1`
ret=0
@ -175,10 +195,7 @@ $NSUPDATE -k ns1/ddns.key <<END > nsupdate.out 2>&1 || ret=1
END
$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
if [ $ret -ne 0 ]; then
echo "I:failed"
status=1
fi
[ $ret = 0 ] || { echo I:failed; status=1; }
n=`expr $n + 1`
ret=0
@ -187,11 +204,7 @@ echo "a0e4280000010000000100000000060001c00c000000fe000000000000" |
$PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null
$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
if test $ret -ne 0
then
echo "I:failed"
status=1
fi
[ $ret = 0 ] || { echo I:failed; status=1; }
n=`expr $n + 1`
echo "I:check that TYPE=0 additional data is handled ($n)"
@ -199,11 +212,7 @@ echo "a0e4280000010000000000010000060001c00c000000fe000000000000" |
$PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null
$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
if test $ret -ne 0
then
echo "I:failed"
status=1
fi
[ $ret = 0 ] || { echo I:failed; status=1; }
n=`expr $n + 1`
echo "I:check that update to undefined class is handled ($n)"
@ -211,11 +220,7 @@ echo "a0e4280000010001000000000000060101c00c000000fe000000000000" |
$PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null
$DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n
grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1
if test $ret -ne 0
then
echo "I:failed"
status=1
fi
[ $ret = 0 ] || { echo I:failed; status=1; }
n=`expr $n + 1`
echo "I:check that unixtime serial number is correctly generated ($n)"
@ -233,10 +238,7 @@ serial=`$DIG +short unixtime.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` ||
# allow up to 2 seconds difference between the serial
# number and the unix epoch date but no more
$PERL -e 'exit 1 if abs($ARGV[1] - $ARGV[0]) > 2;' $now $serial || ret=1
if [ $ret -ne 0 ]; then
echo "I:failed"
status=1
fi
[ $ret = 0 ] || { echo I:failed; status=1; }
if $PERL -e 'use Net::DNS;' 2>/dev/null
then
@ -246,16 +248,21 @@ else
echo "I:The second part of this test requires the Net::DNS library." >&2
fi
ret=0
echo "I:fetching first copy of test zone"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
@10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1
@10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
echo "I:fetching second copy of test zone"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
@10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1
@10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
ret=0
echo "I:comparing zones"
$PERL ../digcomp.pl dig.out.ns1 dig.out.ns2 || status=1
$PERL ../digcomp.pl dig.out.ns1 dig.out.ns2 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
echo "I:SIGKILL and restart server ns1"
cd ns1
@ -264,7 +271,7 @@ rm named.pid
cd ..
sleep 10
if
$PERL $SYSTEMTESTTOP/start.pl --noclean . ns1
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns1
then
echo "I:restarted server ns1"
else
@ -273,23 +280,29 @@ else
fi
sleep 10
ret=0
echo "I:fetching ns1 after hard restart"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
@10.53.0.1 axfr -p 5300 > dig.out.ns1.after || status=1
@10.53.0.1 axfr -p 5300 > dig.out.ns1.after || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
ret=0
echo "I:comparing zones"
$PERL ../digcomp.pl dig.out.ns1 dig.out.ns1.after || status=1
$PERL ../digcomp.pl dig.out.ns1 dig.out.ns1.after || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
echo "I:begin RT #482 regression test"
ret=0
echo "I:update master"
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || status=1
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add updated2.example.nil. 600 A 10.10.10.2
update add updated2.example.nil. 600 TXT Bar
update delete c.example.nil.
send
END
[ $ret = 0 ] || { echo I:failed; status=1; }
sleep 5
@ -298,14 +311,16 @@ kill -HUP `cat ns2/named.pid`
sleep 5
ret=0
echo "I:update master again"
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || status=1
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add updated3.example.nil. 600 A 10.10.10.3
update add updated3.example.nil. 600 TXT Zap
del d.example.nil.
send
END
[ $ret = 0 ] || { echo I:failed; status=1; }
sleep 5
@ -314,16 +329,18 @@ kill -HUP `cat ns2/named.pid`
sleep 5
echo "I:check to 'out of sync' message"
if grep "out of sync" ns2/named.run
then
echo "I: failed (found 'out of sync')"
status=1
fi
echo "I:end RT #482 regression test"
n=`expr $n + 1`
echo "I:start NSEC3PARAM changes via UPDATE on a unsigned zone test ($n)"
ret=0
echo "I:start NSEC3PARAM changes via UPDATE on a unsigned zone test ($n)"
$NSUPDATE << EOF
server 10.53.0.3 5300
update add example 3600 nsec3param 1 0 0 -
@ -338,11 +355,11 @@ $DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec example.\
@10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1
grep "ANSWER: 0" dig.out.ns3.$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi
[ $ret = 0 ] || { echo I:failed; status=1; }
n=`expr $n + 1`
echo "I:change the NSEC3PARAM ttl via update ($n)"
ret=0
echo "I:change the NSEC3PARAM ttl via update ($n)"
$NSUPDATE << EOF
server 10.53.0.3 5300
update add nsec3param.test 3600 NSEC3PARAM 1 0 1 -
@ -356,11 +373,11 @@ $DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test.\
grep "ANSWER: 1" dig.out.ns3.$n > /dev/null || ret=1
grep "3600.*NSEC3PARAM" dig.out.ns3.$n > /dev/null || ret=1
grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi
[ $ret = 0 ] || { echo I:failed; status=1; }
n=`expr $n + 1`
echo "I:add a new the NSEC3PARAM via update ($n)"
ret=0
echo "I:add a new the NSEC3PARAM via update ($n)"
$NSUPDATE << EOF
server 10.53.0.3 5300
update add nsec3param.test 3600 NSEC3PARAM 1 0 4 -
@ -377,8 +394,8 @@ grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1
if [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi
n=`expr $n + 1`
echo "I:add, delete and change the ttl of the NSEC3PARAM rrset via update ($n)"
ret=0
echo "I:add, delete and change the ttl of the NSEC3PARAM rrset via update ($n)"
$NSUPDATE << EOF
server 10.53.0.3 5300
update delete nsec3param.test NSEC3PARAM
@ -406,7 +423,7 @@ if [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi
echo "I:testing that rndc stop updates the master file"
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || status=1
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add updated4.example.nil. 600 A 10.10.10.3
send
@ -416,10 +433,11 @@ $PERL $SYSTEMTESTTOP/stop.pl --use-rndc . ns1
# that the data served by the new server process are exactly
# those dumped to the master file by "rndc stop".
rm -f ns1/*jnl
$PERL $SYSTEMTESTTOP/start.pl --noclean . ns1
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns1
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd updated4.example.nil.\
@10.53.0.1 a -p 5300 > dig.out.ns1 || status=1
$PERL ../digcomp.pl knowngood.ns1.afterstop dig.out.ns1 || status=1
$PERL ../digcomp.pl knowngood.ns1.afterstop dig.out.ns1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
ret=0
echo "I:check that 'nsupdate -l' with a missing keyfile reports the missing file"
@ -484,5 +502,24 @@ if [ $ret -ne 0 ]; then
status=1
fi
n=`expr $n + 1`
ret=0
echo "I:check TSIG key algorithms ($n)"
for alg in md5 sha1 sha224 sha256 sha384 sha512; do
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
server 10.53.0.1 5300
update add ${alg}.keytests.nil. 600 A 10.10.10.3
send
END
done
sleep 2
for alg in md5 sha1 sha224 sha256 sha384 sha512; do
$DIG +short @10.53.0.1 -p 5300 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1
done
if [ $ret -ne 0 ]; then
echo "I:failed"
status=1
fi
echo "I:exit status: $status"
exit $status
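Review bot: `ret` is not reset before the "testing that rndc stop updates the master file" block, so the new `|| ret=1` and `[ $ret = 0 ] || { echo I:failed; status=1; }` lines inherit whatever the preceding NSEC3PARAM test left behind and can report a failure that belongs to that test. Add `ret=0` before that `echo`. In the same block the `$DIG ... > dig.out.ns1 || status=1` line was left on the old convention, so a dig failure there sets the status without printing `I:failed`; `|| ret=1` would match the rest of the conversion. The "fetching second copy of test zone" block is likewise missing a `ret=0` after the first fetch's check. Both blocks extend outside their hunks, so confirm against the full script.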


@ -120,7 +120,7 @@ test("NOERROR", ["pre", nxdomain("a.$zone")]);
# RRset does not exist
test("NOERROR", ["pre", nxrrset("a.$zone A")]);
# RRset exists (value dependent)
test("NXRRSET", ["pre", yxrrset("a.$zone 300 A 73.80.65.49")]);
test("NXRRSET", ["pre", yxrrset("a.$zone A 73.80.65.49")]);
section ("Simple creation of data");
@ -136,7 +136,7 @@ test("YXDOMAIN", ["pre", nxdomain("a.$zone")]);
# RRset does not exist
test("YXRRSET", ["pre", nxrrset("a.$zone A")]);
# RRset exists (value dependent)
test("NOERROR", ["pre", yxrrset("a.$zone 300 A 73.80.65.49")]);
test("NOERROR", ["pre", yxrrset("a.$zone A 73.80.65.49")]);
#
# Merging of RRsets
@ -145,17 +145,17 @@ test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.50")]);
section("Detailed tests of \"RRset exists (value dependent)\" prerequisites");
test("NOERROR", ["pre",
yxrrset("a.$zone 300 A 73.80.65.49"),
yxrrset("a.$zone 300 A 73.80.65.50")]);
yxrrset("a.$zone A 73.80.65.49"),
yxrrset("a.$zone A 73.80.65.50")]);
test("NOERROR", ["pre",
yxrrset("a.$zone 300 A 73.80.65.50"),
yxrrset("a.$zone 300 A 73.80.65.49")]);
test("NXRRSET", ["pre", yxrrset("a.$zone 300 A 73.80.65.49")]);
test("NXRRSET", ["pre", yxrrset("a.$zone 300 A 73.80.65.50")]);
yxrrset("a.$zone A 73.80.65.50"),
yxrrset("a.$zone A 73.80.65.49")]);
test("NXRRSET", ["pre", yxrrset("a.$zone A 73.80.65.49")]);
test("NXRRSET", ["pre", yxrrset("a.$zone A 73.80.65.50")]);
test("NXRRSET", ["pre",
yxrrset("a.$zone 300 A 73.80.65.49"),
yxrrset("a.$zone 300 A 73.80.65.50"),
yxrrset("a.$zone 300 A 73.80.65.51")]);
yxrrset("a.$zone A 73.80.65.49"),
yxrrset("a.$zone A 73.80.65.50"),
yxrrset("a.$zone A 73.80.65.51")]);
section("Torture test of \"RRset exists (value dependent)\" prerequisites.");
@ -175,31 +175,31 @@ test("NOERROR", ["update",
rr_add("e.$zone 300 MX 10 mail.$zone")]);
test("NOERROR", ["pre",
yxrrset("e.$zone 300 A 73.80.65.52"),
yxrrset("e.$zone 300 TXT 'two'"),
yxrrset("e.$zone 300 A 73.80.65.51"),
yxrrset("e.$zone 300 TXT 'three'"),
yxrrset("e.$zone 300 A 73.80.65.50"),
yxrrset("f.$zone 300 A 73.80.65.52"),
yxrrset("e.$zone 300 A 73.80.65.49"),
yxrrset("e.$zone 300 TXT 'one'")]);
yxrrset("e.$zone A 73.80.65.52"),
yxrrset("e.$zone TXT 'two'"),
yxrrset("e.$zone A 73.80.65.51"),
yxrrset("e.$zone TXT 'three'"),
yxrrset("e.$zone A 73.80.65.50"),
yxrrset("f.$zone A 73.80.65.52"),
yxrrset("e.$zone A 73.80.65.49"),
yxrrset("e.$zone TXT 'one'")]);
section("Subtraction of RRsets");
test("NOERROR", ["update", rr_del("a.$zone 300 A 73.80.65.49")]);
test("NOERROR", ["update", rr_del("a.$zone A 73.80.65.49")]);
test("NOERROR", ["pre",
yxrrset("a.$zone 300 A 73.80.65.50")]);
yxrrset("a.$zone A 73.80.65.50")]);
test("NOERROR", ["update", rr_del("a.$zone 300 A 73.80.65.50")]);
test("NOERROR", ["pre", nxrrset("a.$zone 300 A")]);
test("NOERROR", ["update", rr_del("a.$zone A 73.80.65.50")]);
test("NOERROR", ["pre", nxrrset("a.$zone A")]);
test("NOERROR", ["pre", nxdomain("a.$zone")]);
section("Other forms of deletion");
test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.49")]);
test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.50")]);
test("NOERROR", ["update", rr_add("a.$zone 300 MX 10 mail.$zone")]);
test("NOERROR", ["update", rr_del("a.$zone 300 A")]);
test("NOERROR", ["pre", nxrrset("a.$zone 300 A")]);
test("NOERROR", ["update", rr_del("a.$zone A")]);
test("NOERROR", ["pre", nxrrset("a.$zone A")]);
test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.49")]);
test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.50")]);
test("NOERROR", ["update", rr_del("a.$zone")]);
@ -207,12 +207,12 @@ test("NOERROR", ["pre", nxdomain("a.$zone")]);
section("Case insensitivity");
test("NOERROR", ["update", rr_add("a.$zone 300 PTR foo.net.")]);
test("NOERROR", ["pre", yxrrset("A.$zone 300 PTR fOo.NeT.")]);
test("NOERROR", ["pre", yxrrset("A.$zone PTR fOo.NeT.")]);
section("Special CNAME rules");
test("NOERROR", ["update", rr_add("b.$zone 300 CNAME foo.net.")]);
test("NOERROR", ["update", rr_add("b.$zone 300 A 73.80.65.49")]);
test("NOERROR", ["pre", yxrrset("b.$zone 300 CNAME foo.net.")]);
test("NOERROR", ["pre", yxrrset("b.$zone CNAME foo.net.")]);
test("NOERROR", ["pre", nxrrset("b.$zone A")]);
test("NOERROR", ["update", rr_add("c.$zone 300 A 73.80.65.49")]);
@ -232,9 +232,9 @@ test("NOERROR", ["pre", nxrrset("c.$zone CNAME")]);
#test("NOERROR", ["update", rr_add("c.$zone 300 WKS 73.80.65.50 TCP telnet ftp")]);
#test("NOERROR", ["update", rr_add("c.$zone 300 WKS 73.80.65.49 TCP smtp")]);
#test("NOERROR", ["pre",
# yxrrset("c.$zone 300 WKS 73.80.65.49 TCP smtp"),
# yxrrset("c.$zone 300 WKS 73.80.65.49 UDP telnet ftp"),
# yxrrset("c.$zone 300 WKS 73.80.65.50 TCP telnet ftp")]);
# yxrrset("c.$zone WKS 73.80.65.49 TCP smtp"),
# yxrrset("c.$zone WKS 73.80.65.49 UDP telnet ftp"),
# yxrrset("c.$zone WKS 73.80.65.50 TCP telnet ftp")]);
section("Special NS rules");
@ -248,37 +248,37 @@ section("Special NS rules");
test("NOERROR", ["update",
rr_add("$zone 300 NS ns1.$zone"),
rr_add("$zone 300 NS ns2.$zone")]);
test("NOERROR", ["update", rr_del("$zone 300 NS ns1.$zone")]);
test("NOERROR", ["update", rr_del("$zone 300 NS ns2.$zone")]);
test("NOERROR", ["update", rr_del("$zone NS ns1.$zone")]);
test("NOERROR", ["update", rr_del("$zone NS ns2.$zone")]);
test("NOERROR", ["pre",
yxrrset("$zone 300 NS ns2.$zone")]);
yxrrset("$zone NS ns2.$zone")]);
# Non-apex
test("NOERROR", ["update", rr_add("n.$zone 300 NS ns1.$zone")]);
test("NOERROR", ["update", rr_del("n.$zone 300 NS ns1.$zone")]);
test("NOERROR", ["pre", nxrrset("n.$zone 300 NS")]);
test("NOERROR", ["update", rr_del("n.$zone NS ns1.$zone")]);
test("NOERROR", ["pre", nxrrset("n.$zone NS")]);
# Other ways of deleting NS records should also fail at the apex
# and work elsewhere.
# Non-apex
test("NOERROR", ["update", rr_add("n.$zone 300 NS ns1.$zone")]);
test("NOERROR", ["update", rr_del("n.$zone 300 NS")]);
test("NOERROR", ["pre", nxrrset("n.$zone 300 NS")]);
test("NOERROR", ["update", rr_del("n.$zone NS")]);
test("NOERROR", ["pre", nxrrset("n.$zone NS")]);
test("NOERROR", ["update", rr_add("n.$zone 300 NS ns1.$zone")]);
test("NOERROR", ["pre", yxrrset("n.$zone 300 NS")]);
test("NOERROR", ["pre", yxrrset("n.$zone NS")]);
test("NOERROR", ["update", rr_del("n.$zone")]);
test("NOERROR", ["pre", nxrrset("n.$zone 300 NS")]);
test("NOERROR", ["pre", nxrrset("n.$zone NS")]);
# Apex
test("NOERROR", ["update", rr_del("$zone NS")]);
test("NOERROR", ["pre",
yxrrset("$zone 300 NS ns2.$zone")]);
yxrrset("$zone NS ns2.$zone")]);
test("NOERROR", ["update", rr_del("$zone")]);
test("NOERROR", ["pre",
yxrrset("$zone 300 NS ns2.$zone")]);
yxrrset("$zone NS ns2.$zone")]);
# They should not touch the SOA, either.
@ -289,34 +289,34 @@ test("NOERROR", ["pre", yxrrset("$zone SOA")]);
section("Idempotency");
test("NOERROR", ["update", rr_add("d.$zone 300 A 73.80.65.49")]);
test("NOERROR", ["pre", yxrrset("d.$zone 300 A 73.80.65.49")]);
test("NOERROR", ["pre", yxrrset("d.$zone A 73.80.65.49")]);
test("NOERROR", ["update",
rr_add("d.$zone 300 A 73.80.65.49"),
rr_del("d.$zone A")]);
test("NOERROR", ["pre", nxrrset("d.$zone 300 A 73.80.65.49")]);
test("NOERROR", ["pre", nxrrset("d.$zone A")]);
test("NOERROR", ["update", rr_del("d.$zone 300 A 73.80.65.49")]);
test("NOERROR", ["pre", nxrrset("d.$zone 300 A")]);
test("NOERROR", ["update", rr_del("d.$zone A 73.80.65.49")]);
test("NOERROR", ["pre", nxrrset("d.$zone A")]);
test("NOERROR", ["update",
rr_del("d.$zone 300 A"),
rr_del("d.$zone A"),
rr_add("d.$zone 300 A 73.80.65.49")]);
test("NOERROR", ["pre", yxrrset("d.$zone 300 A")]);
test("NOERROR", ["pre", yxrrset("d.$zone A")]);
section("Out-of-zone prerequisites and updates");
test("NOTZONE", ["pre", yxrrset("a.somewhere.else. 300 A 73.80.65.49")]);
test("NOTZONE", ["pre", yxrrset("a.somewhere.else. A 73.80.65.49")]);
test("NOTZONE", ["update", rr_add("a.somewhere.else. 300 A 73.80.65.49")]);
section("Glue");
test("NOERROR", ["update", rr_add("s.$zone 300 NS ns.s.$zone")]);
test("NOERROR", ["update", rr_add("ns.s.$zone 300 A 73.80.65.49")]);
test("NOERROR", ["pre", yxrrset("ns.s.$zone 300 A 73.80.65.49")]);
test("NOERROR", ["pre", yxrrset("ns.s.$zone A 73.80.65.49")]);
section("Wildcards");
test("NOERROR", ["update", rr_add("*.$zone 300 MX 10 mail.$zone")]);
test("NOERROR", ["pre", yxrrset("*.$zone 300 MX 10 mail.$zone")]);
test("NXRRSET", ["pre", yxrrset("w.$zone 300 MX 10 mail.$zone")]);
test("NOERROR", ["pre", yxrrset("*.$zone MX 10 mail.$zone")]);
test("NXRRSET", ["pre", yxrrset("w.$zone MX 10 mail.$zone")]);
test("NOERROR", ["pre", nxrrset("w.$zone MX")]);
test("NOERROR", ["pre", nxdomain("w.$zone")]);
@ -368,7 +368,7 @@ assert($db_soa->mname eq "mname1");
#
#section("Big data");
#test("NOERROR", ["update", rr_add("a.$zone 300 TXT aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc")]);
#test("NOERROR", ["update", rr_del("a.$zone 300 TXT aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc")]);
#test("NOERROR", ["update", rr_del("a.$zone TXT aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc")]);
test("NOERROR", ["update", rr_add("a.$zone 300 TXT " . ("foo " x 3))]);
section("Updating TTLs only");
@ -378,7 +378,7 @@ test("NOERROR", ["update", rr_add("t.$zone 300 A 73.80.65.49")]);
$ttl = $a->ttl;
assert($ttl == 300, "incorrect TTL value $ttl != 300");
test("NOERROR", ["update",
rr_del("t.$zone 300 A 73.80.65.49"),
rr_del("t.$zone A 73.80.65.49"),
rr_add("t.$zone 301 A 73.80.65.49")]);
($a) = $res->query("t.$zone", "A")->answer;
$ttl = $a->ttl;
@ -416,7 +416,7 @@ test("NOERROR", ["update", rr_add("b.u.$zone 300 A 73.80.65.49")]);
test("NOERROR", ["update", rr_add("u.$zone 300 TXT txt-not-in-nxt")]);
test("NOERROR", ["update", rr_add("u.$zone 300 NS ns.u.$zone")]);
test("NOERROR", ["update", rr_del("u.$zone 300 NS ns.u.$zone")]);
test("NOERROR", ["update", rr_del("u.$zone NS ns.u.$zone")]);
if ($failures) {
print "I:$failures tests failed.\n";


@ -42,8 +42,16 @@ for (;;) {
print "**** request from " , $sock->peerhost, " port ", $sock->peerport, "\n";
my ($packet, $err) = new Net::DNS::Packet(\$buf, 0);
$err and die $err;
my $packet;
if ($Net::DNS::VERSION > 0.68) {
$packet = new Net::DNS::Packet(\$buf, 0);
$@ and die $@;
} else {
my $err;
($packet, $err) = new Net::DNS::Packet(\$buf, 0);
$err and die $err;
}
print "REQUEST:\n";
$packet->print;
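Review bot: The version-gated decode block added here is pasted unchanged into the next file section and into both handleUDP and handleTCP further down, so a later Net::DNS API change has to be fixed in four places; one shared helper that returns the decoded packet would keep them in step. In the new-API branch the only failure signal tested is `$@`, and `$packet` itself is never checked before `$packet->print` is called on it. Adding `defined $packet or die "packet decode failed\n";` after the `if`/`else` makes a bad request fail with a clear message on either branch. Whether a failed decode can leave `$packet` undefined with `$@` empty depends on Net::DNS behaviour not shown on this page, so treat that as a defensive check. The enclosing `for (;;)` loop starts before and continues past this hunk.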


@ -42,8 +42,16 @@ for (;;) {
print "**** request from " , $sock->peerhost, " port ", $sock->peerport, "\n";
my ($packet, $err) = new Net::DNS::Packet(\$buf, 0);
$err and die $err;
my $packet;
if ($Net::DNS::VERSION > 0.68) {
$packet = new Net::DNS::Packet(\$buf, 0);
$@ and die $@;
} else {
my $err;
($packet, $err) = new Net::DNS::Packet(\$buf, 0);
$err and die $err;
}
print "REQUEST:\n";
$packet->print;


@ -1,5 +1,5 @@
/*
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,6 +14,8 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id$ */
controls { /* empty */ };
options {


@ -202,7 +202,7 @@ main(int argc, char **argv) {
"isc_log_usechannel()");
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
isc_buffer_init(&buf, "example.", strlen("example."));
isc_buffer_constinit(&buf, "example.", strlen("example."));
isc_buffer_add(&buf, strlen("example."));
CHECK(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL),
"dns_name_fromtext(\"example.\")");


@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2005, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -150,14 +150,14 @@ sendquery(isc_task_t *task, isc_event_t *event) {
isc_sockaddr_fromin(&address, &inaddr, PORT);
dns_fixedname_init(&keyname);
isc_buffer_init(&namestr, "tkeytest.", 9);
isc_buffer_constinit(&namestr, "tkeytest.", 9);
isc_buffer_add(&namestr, 9);
result = dns_name_fromtext(dns_fixedname_name(&keyname), &namestr,
NULL, 0, NULL);
CHECK("dns_name_fromtext", result);
dns_fixedname_init(&ownername);
isc_buffer_init(&namestr, ownername_str, strlen(ownername_str));
isc_buffer_constinit(&namestr, ownername_str, strlen(ownername_str));
isc_buffer_add(&namestr, strlen(ownername_str));
result = dns_name_fromtext(dns_fixedname_name(&ownername), &namestr,
NULL, 0, NULL);
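Review bot: The length in `isc_buffer_constinit(&namestr, "tkeytest.", 9);` and in the following `isc_buffer_add(&namestr, 9);` is a hand-counted literal, while the ownername call a few lines below derives it with strlen(). If the string is ever edited the count can drift, and the buffer would then describe more or fewer bytes than the literal actually holds. Deriving it from the literal keeps the two in step: `isc_buffer_constinit(&namestr, "tkeytest.", sizeof("tkeytest.") - 1);` and `isc_buffer_add(&namestr, sizeof("tkeytest.") - 1);`. sendquery() starts before and continues past this hunk.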


@ -53,6 +53,8 @@ txt4 CLASS1 TYPE16 "hello"
txt5 TXT \# 6 0568656C6C6F
txt6 TYPE16 \# 6 0568656C6C6F
txt7 IN TXT \# 6 0568656C6C6F
txt8 IN TXT "\#" 2 0145
txt9 IN TXT \# text
unk1 TYPE123 \# 1 00
unk2 CLASS1 TYPE123 \# 1 00


@ -172,5 +172,19 @@ diff large.out dig.out > /dev/null || { ret=1 ; echo "I: diff failed"; }
[ $ret = 0 ] || echo "I: failed"
status=`expr $status + $ret`
echo "I:check that '"'"\\#"'"' is not treated as the unknown escape sequence"
ret=0
$DIG $DIGOPTS @10.53.0.1 +tcp +short txt8.example txt > dig.out
echo '"#" "2" "0145"' | diff - dig.out || ret=1
[ $ret = 0 ] || echo "I: failed"
status=`expr $status + $ret`
echo "I:check that '"'TXT \# text'"' is not treated as the unknown escape sequence"
ret=0
$DIG $DIGOPTS @10.53.0.1 +tcp +short txt9.example txt > dig.out
echo '"#" "text"' | diff - dig.out || ret=1
[ $ret = 0 ] || echo "I: failed"
status=`expr $status + $ret`
echo "I:exit status: $status"
exit $status


@ -98,9 +98,16 @@ $SIG{TERM} = \&rmpid;
my @rules;
sub handleUDP {
my ($buf) = @_;
my $packet;
my ($packet, $err) = new Net::DNS::Packet(\$buf, 0);
$err and die $err;
if ($Net::DNS::VERSION > 0.68) {
$packet = new Net::DNS::Packet(\$buf, 0);
$@ and die $@;
} else {
my $err;
($packet, $err) = new Net::DNS::Packet(\$buf, 0);
$err and die $err;
}
$packet->header->qr(1);
$packet->header->aa(1);
@ -243,9 +250,16 @@ sub sign_tcp_continuation {
sub handleTCP {
my ($buf) = @_;
my $packet;
my ($packet, $err) = new Net::DNS::Packet(\$buf, 0);
$err and die $err;
if ($Net::DNS::VERSION > 0.68) {
$packet = new Net::DNS::Packet(\$buf, 0);
$@ and die $@;
} else {
my $err;
($packet, $err) = new Net::DNS::Packet(\$buf, 0);
$err and die $err;
}
$packet->header->qr(1);
$packet->header->aa(1);


@ -0,0 +1,30 @@
#!/bin/sh
#
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.1.2.1 2010/06/01 03:55:01 marka Exp $
rm -f random.data
rm -f ns*/named.run
rm -f ns1/K*
rm -f ns1/*.db
rm -f ns1/*.signed
rm -f ns1/dsset-*
rm -f ns1/trusted.conf
rm -f ns1/private.nsec.conf
rm -f ns1/private.nsec3.conf
rm -f ns1/signer.err
rm -f */named.memstats
rm -f dig.out.ns*.test*


@ -0,0 +1,45 @@
/*
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.1.2.3 2010/06/01 07:04:49 marka Exp $ */
controls { /* empty */ };
options {
query-source address 10.53.0.1;
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
};
zone "." { type master; file "root.db.signed"; };
zone "nsec" { type master; file "nsec.db.signed"; };
zone "private.nsec" { type master; file "private.nsec.db.signed"; };
/*
* The contents of nsec3 and private.nsec3 are specially choosen to
* have seperate NSEC3 records for the "no qname proof" and the
* "closest encloser proof".
*/
zone "nsec3" { type master; file "nsec3.db.signed"; };
zone "private.nsec3" { type master; file "private.nsec3.db.signed"; };


@ -0,0 +1,22 @@
; Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id$
$TTL 120
@ SOA a.root-servers.nil. hostmaster.root-servers.nil. 1 1800 900 604800 86400
@ NS a.root-servers.nil.
private NS a.root-servers.nil.
*.wild CNAME a.
a.wild A 1.2.3.5


@ -0,0 +1,22 @@
; Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id$
$TTL 120
@ SOA a.root-servers.nil. hostmaster.root-servers.nil. 1 1800 900 604800 86400
@ NS a.root-servers.nil.
private NS a.root-servers.nil.
*.wild CNAME a.
a.wild A 1.2.3.5


@ -0,0 +1,21 @@
; Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id$
$TTL 120
@ SOA a.root-servers.nil. hostmaster.root-servers.nil. 1 1800 900 604800 86400
@ NS a.root-servers.nil.
*.wild CNAME a.
a.wild A 1.2.3.5


@ -0,0 +1,22 @@
; Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id$
$TTL 120
@ SOA a.root-servers.nil. hostmaster.root-servers.nil. 1 1800 900 604800 86400
@ NS a.root-servers.nil.
b A 1.2.3.4
*.wild CNAME a.
a.wild A 1.2.3.5


@ -0,0 +1,22 @@
; Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id$
$TTL 120
@ SOA a.root-servers.nil hostmaster.root-servers.nil 1 1800 900 604800 86400
@ NS a.root-servers.nil
a.root-servers.nil A 10.53.0.1
nsec NS a.root-servers.nil
nsec3 NS a.root-servers.nil


@ -0,0 +1,120 @@
#!/bin/sh
#
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.1.2.2 2010/06/01 06:38:47 marka Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
RANDFILE=../random.data
dssets=
zone=nsec.
infile=nsec.db.in
zonefile=nsec.db
outfile=nsec.db.signed
dssets="$dssets dsset-$zone"
keyname1=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo "I: signed $zone"
zone=private.nsec.
infile=private.nsec.db.in
zonefile=private.nsec.db
outfile=private.nsec.db.signed
keyname1=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo "I: signed $zone"
grep -v '^;' $keyname2.key | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > private.nsec.conf
zone=nsec3.
infile=nsec3.db.in
zonefile=nsec3.db
outfile=nsec3.db.signed
dssets="$dssets dsset-$zone"
keyname1=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -r $RANDFILE -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo "I: signed $zone"
zone=private.nsec3.
infile=private.nsec3.db.in
zonefile=private.nsec3.db
outfile=private.nsec3.db.signed
keyname1=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -r $RANDFILE -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo "I: signed $zone"
grep -v '^;' $keyname2.key | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > private.nsec3.conf
zone=.
infile=root.db.in
zonefile=root.db
outfile=root.db.signed
keyname1=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
cat $infile $keyname1.key $keyname2.key $dssets >$zonefile
$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo "I: signed $zone"
grep -v '^;' $keyname2.key | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
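Review bot: Each `$SIGNER ... > /dev/null 2> signer.err || cat signer.err` line turns a signing failure into success, because `cat` exits 0. Even under the `sh -e` that setup.sh uses to run this script, execution continues, "I: signed $zone" is still printed, and the missing or stale `.signed` file only shows up later as an unrelated-looking test failure. Ending the fallback with a non-zero exit keeps the failure visible: `|| { cat signer.err; exit 1; }`, applied to all five signer invocations. The `2> /dev/null` on every `$KEYGEN` call likewise discards the reason when key generation fails, so sending that output to a file that is printed on error would help diagnosis.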


@ -0,0 +1,18 @@
; Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: hints,v 1.1.2.1 2010/06/01 03:55:02 marka Exp $
. 0 NS ns.root-servers.nil.
ns.root-servers.nil. 0 A 10.53.0.1


@ -0,0 +1,33 @@
/*
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.1.2.1 2010/06/01 03:55:02 marka Exp $ */
controls { /* empty */ };
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion yes;
notify yes;
};
zone "." { type hint; file "hints"; };


@ -0,0 +1,18 @@
; Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: hints,v 1.1.2.1 2010/06/01 03:55:02 marka Exp $
. 0 NS ns.root-servers.nil.
ns.root-servers.nil. 0 A 10.53.0.1


@ -0,0 +1,35 @@
/*
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.1.2.1 2010/06/01 03:55:02 marka Exp $ */
controls { /* empty */ };
options {
query-source address 10.53.0.3;
notify-source 10.53.0.3;
transfer-source 10.53.0.3;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
recursion yes;
notify yes;
};
include "../ns1/trusted.conf";
zone "." { type hint; file "hints"; };


@ -0,0 +1,37 @@
/*
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.1.2.1 2010/06/01 03:55:02 marka Exp $ */
controls { /* empty */ };
options {
query-source address 10.53.0.4;
notify-source 10.53.0.4;
transfer-source 10.53.0.4;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.4; };
listen-on-v6 { none; };
recursion yes;
notify yes;
forward only;
forwarders { 10.53.0.2; };
};
include "../ns1/trusted.conf";
include "../ns1/private.nsec.conf";
include "../ns1/private.nsec3.conf";


@ -0,0 +1,21 @@
#!/bin/sh
#
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: setup.sh,v 1.1.2.1 2010/06/01 03:55:01 marka Exp $
../../../tools/genrandom 400 random.data
(cd ns1 && sh -e sign.sh)


@ -0,0 +1,136 @@
#!/bin/sh
#
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.1.2.3 2010/06/01 06:57:31 marka Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
status=0
n=0
rm -f dig.out.*
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
n=`expr $n + 1`
echo "I: checking that NSEC wildcard non-existance proof is returned auth ($n)"
ret=0
$DIG $DIGOPTS a b.wild.nsec +norec @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I: checking that NSEC wildcard non-existance proof is returned non-validating ($n)"
ret=0
$DIG $DIGOPTS a b.wild.nsec @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns2.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns2.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I: checking that NSEC wildcard non-existance proof is returned validating ($n)"
ret=0
$DIG $DIGOPTS a b.wild.nsec @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns3.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I: checking that returned NSEC wildcard non-existance proof validates ($n)"
ret=0
$DIG $DIGOPTS a b.wild.nsec @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns4.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I: checking that NSEC wildcard non-existance proof is returned private, validating ($n)"
ret=0
$DIG $DIGOPTS a b.wild.private.nsec @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep -i 'a\.wild\.private\.nsec\..*NSEC.*private\.nsec\..*NSEC' dig.out.ns3.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns3.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I: checking that returned NSEC wildcard non-existance proof for private zone validates ($n)"
ret=0
$DIG $DIGOPTS a b.wild.private.nsec @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep -i 'a\.wild\.private\.nsec\..*NSEC.*private\.nsec\..*NSEC' dig.out.ns4.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I: checking that NSEC3 wildcard non-existance proof is returned auth ($n)"
ret=0
$DIG $DIGOPTS a b.wild.nsec3 +norec @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns1.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I: checking that NSEC3 wildcard non-existance proof is returned non-validating ($n)"
ret=0
$DIG $DIGOPTS a b.wild.nsec3 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns2.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns2.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I: checking that NSEC3 wildcard non-existance proof is returned validating ($n)"
ret=0
$DIG $DIGOPTS a b.wild.nsec3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns3.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns3.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I: checking that returned NSEC3 wildcard non-existance proof validates ($n)"
ret=0
$DIG $DIGOPTS a b.wild.nsec3 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns4.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I: checking that NSEC3 wildcard non-existance proof is returned private, validating ($n)"
ret=0
$DIG $DIGOPTS a b.wild.private.nsec3 @10.53.0.3 > dig.out.ns3.test$n || ret=1
grep -i 'UDBSP4R8OUOT6HSO39VD8B5LMOSHRD5N\.private\.nsec3\..*NSEC3.*ASDRUIB7GO00OR92S5OUGI404LT27RNU' dig.out.ns3.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns3.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I: checking that returned NSEC3 wildcard non-existance proof for private zone validates ($n)"
ret=0
$DIG $DIGOPTS a b.wild.private.nsec3 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep -i 'UDBSP4R8OUOT6HSO39VD8B5LMOSHRD5N\.private\.nsec3\..*NSEC3.*ASDRUIB7GO00OR92S5OUGI404LT27RNU' dig.out.ns4.test$n > /dev/null || ret=1
grep -i 'flags:.* ad[ ;]' dig.out.ns4.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status"
exit $status
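Review bot: The NSEC3 checks grep for fixed hashed owner names such as `O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9` and `UDBSP4R8OUOT6HSO39VD8B5LMOSHRD5N`, with no comment saying where those values come from. They appear to depend on the NSEC3 parameters that sign.sh passes to the signer (`-3 - -H 10`) and on the names in the nsec3 zone input files, so a change to either would break these tests without any hint as to why. A comment above the first NSEC3 test would document the coupling, for example `# NSEC3 owner hashes below are tied to the "-3 - -H 10" options in ns1/sign.sh and to the names in the nsec3 zone files; regenerate them if either changes.`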


@ -100,7 +100,7 @@ setup(const char *zonename, const char *filename, const char *classname) {
dns_zone_settype(zone, zonetype);
isc_buffer_init(&buffer, zonename, strlen(zonename));
isc_buffer_constinit(&buffer, zonename, strlen(zonename));
isc_buffer_add(&buffer, strlen(zonename));
dns_fixedname_init(&fixorigin);
result = dns_name_fromtext(dns_fixedname_name(&fixorigin),


@ -283,6 +283,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 if you have the <net/if6.h> header file. */
#undef HAVE_NET_IF6_H
/* Define if your OpenSSL version supports ECDSA. */
#undef HAVE_OPENSSL_ECDSA
/* Define if your OpenSSL version supports GOST. */
#undef HAVE_OPENSSL_GOST


@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2006-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2006-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -278,3 +278,6 @@ typedef long off_t;
/* Define to enable rpz-nsip rules. */
#define ENABLE_RPZ_NSIP
/* Get SRCID */
#include "srcid.h"


@ -69,7 +69,7 @@ case $host in
esac
AC_ARG_ENABLE(threads,
[ --enable-threads enable multithreading])
[ --enable-threads enable multithreading])
case "$enable_threads" in
yes)
use_threads=true

184
configure vendored

@ -1451,6 +1451,7 @@ enable_epoll
enable_devpoll
with_openssl
enable_openssl_version_check
with_ecdsa
with_gost
enable_openssl_hash
with_pkcs11
@ -2121,7 +2122,7 @@ Optional Features:
optimize for fast installation [default=yes]
--disable-libtool-lock avoid locking (might break parallel builds)
--enable-libbind deprecated
--enable-developer enable developer build settings
--enable-developer enable developer build settings
--enable-newstats use the new statistics
--enable-kqueue use BSD kqueue when available [default=yes]
--enable-epoll use Linux epoll when available [default=auto]
@ -2129,13 +2130,13 @@ Optional Features:
--enable-openssl-version-check
Check OpenSSL Version [default=yes]
--enable-openssl-hash use OpenSSL for hash functions [default=no]
--enable-threads enable multithreading
--enable-threads enable multithreading
--enable-largefile 64-bit file support
--enable-backtrace log stack backtrace on abort [default=yes]
--enable-symtable use internal symbol table for backtrace
[all|minimal(default)|none]
--enable-exportlib build exportable library (GNU make required)
[default=no]
--enable-exportlib build exportable library (GNU make required)
[default=no]
--enable-ipv6 use IPv6 default=autodetect
--enable-getifaddrs Enable the use of getifaddrs() [yes|no].
--disable-isc-spnego use SPNEGO from GSSAPI library
@ -2158,10 +2159,11 @@ Optional Packages:
--with-gnu-ld assume the C compiler uses GNU ld [default=no]
--with-sysroot=DIR Search for dependent libraries within DIR
(or the compiler's sysroot if not specified).
--with-python=PATH Specify path to python interpreter
--with-python=PATH Specify path to python interpreter
--with-openssl=PATH Build with OpenSSL yes|no|path.
(Required for DNSSEC)
--with-ecdsa OpenSSL ECDSA
--with-gost OpenSSL GOST
--with-pkcs11=PATH Build with PKCS11 support yes|no|path
(PATH is for the PKCS11 provider)
--with-gssapi=PATH Specify path for system-supplied GSSAPI [default=yes]
@ -2170,19 +2172,20 @@ Optional Packages:
--with-purify=PATH use Rational purify
--with-libtool use GNU libtool
--with-export-libdir=PATH
installation directory for the export library
[EPREFIX/lib/bind9]
installation directory for the export library
[EPREFIX/lib/bind9]
--with-export-includedir=PATH
installation directory for the header files of the
export library [PREFIX/include/bind9]
installation directory for the header files of the
export library [PREFIX/include/bind9]
--with-kame=PATH use Kame IPv6 default path /usr/local/v6
--with-readline=LIBSPEC specify readline library default -lreadline
--with-docbook-xsl=PATH Specify path for Docbook-XSL stylesheets
--with-idn=MPREFIX enable IDN support using idnkit default PREFIX
--with-libiconv=IPREFIX GNU libiconv are in IPREFIX default PREFIX
--with-iconv=LIBSPEC specify iconv library default -liconv
--with-idnlib=ARG specify libidnkit
--with-atf=ARG Automated Test Framework support
--with-atf=ARG Automated Test Framework support
--with-dlopen=ARG Support dynamically loadable DLZ drivers
--with-dlz-postgres=PATH Build with Postgres DLZ driver yes|no|path.
(Required to use Postgres with DLZ)
@ -13584,10 +13587,9 @@ auto)
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking epoll support" >&5
$as_echo_n "checking epoll support... " >&6; }
if test "$cross_compiling" = yes; then :
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "cannot run test program while cross compiling
See \`config.log' for more details" "$LINENO" 5; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL"
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@ -14184,20 +14186,20 @@ $as_echo "Skipped OpenSSL version check" >&6; }
;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL DSA support" >&5
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL DSA support" >&5
$as_echo_n "checking for OpenSSL DSA support... " >&6; }
if test -f $use_openssl/include/openssl/dsa.h
then
$as_echo "#define HAVE_OPENSSL_DSA 1" >>confdefs.h
if test -f $use_openssl/include/openssl/dsa.h
then
$as_echo "#define HAVE_OPENSSL_DSA 1" >>confdefs.h
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
fi
for ac_func in EVP_sha256 EVP_sha384 EVP_sha512
for ac_func in EVP_sha256 EVP_sha384 EVP_sha512
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@ -14210,14 +14212,12 @@ fi
done
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ECDSA support" >&5
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ECDSA support" >&5
$as_echo_n "checking for OpenSSL ECDSA support... " >&6; }
have_ecdsa=""
if test "$cross_compiling" = yes; then :
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "cannot run test program while cross compiling
See \`config.log' for more details" "$LINENO" 5; }
have_ecdsa=""
if test "$cross_compiling" = yes; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using --with-ecdsa" >&5
$as_echo "using --with-ecdsa" >&6; }
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@ -14242,30 +14242,55 @@ _ACEOF
if ac_fn_c_try_run "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
have_ecdsa="yes"
have_ecdsa="yes"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
have_ecdsa="no"
have_ecdsa="no"
fi
rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
case $have_ecdsa in
yes)
OPENSSL_ECDSA="yes"
$as_echo "#define HAVE_OPENSSL_ECDSA 1" >>confdefs.h
;;
*)
;;
esac
# Check whether --with-ecdsa was given.
if test "${with_ecdsa+set}" = set; then :
withval=$with_ecdsa; with_ecdsa="$withval"
else
with_ecdsa="auto"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL GOST support" >&5
case "$with_ecdsa" in
yes)
case "$have_ecdsa" in
no) as_fn_error $? "ecdsa not supported" "$LINENO" 5 ;;
*) have_ecdsa=yes ;;
esac
;;
no)
have_ecdsa=no ;;
*)
case "$have_ecdsa" in
yes|no) ;;
*) as_fn_error $? "need --with-ecdsa=[yes or no]" "$LINENO" 5 ;;
esac
;;
esac
case $have_ecdsa in
yes)
OPENSSL_ECDSA="yes"
$as_echo "#define HAVE_OPENSSL_ECDSA 1" >>confdefs.h
;;
*)
;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL GOST support" >&5
$as_echo_n "checking for OpenSSL GOST support... " >&6; }
have_gost=""
if test "$cross_compiling" = yes; then :
have_gost=""
if test "$cross_compiling" = yes; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using --with-gost" >&5
$as_echo "using --with-gost" >&6; }
else
@ -14297,11 +14322,11 @@ _ACEOF
if ac_fn_c_try_run "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
have_gost="yes"
have_gost="yes"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
have_gost="no"
have_gost="no"
fi
rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
conftest.$ac_objext conftest.beam conftest.$ac_ext
@ -14315,38 +14340,38 @@ else
with_gost="auto"
fi
case "$with_gost" in
yes)
case "$have_gost" in
no) as_fn_error $? "gost not supported" "$LINENO" 5 ;;
*) have_gost=yes ;;
esac
;;
no)
have_gost=no ;;
*)
case "$have_gost" in
yes|no) ;;
*) as_fn_error $? "need --with-gost=[yes or no]" "$LINENO" 5 ;;
esac
;;
esac
case $have_gost in
yes)
OPENSSL_GOST="yes"
case "$with_gost" in
yes)
case "$have_gost" in
no) as_fn_error $? "gost not supported" "$LINENO" 5 ;;
*) have_gost=yes ;;
esac
;;
no)
have_gost=no ;;
*)
case "$have_gost" in
yes|no) ;;
*) as_fn_error $? "need --with-gost=[yes or no]" "$LINENO" 5 ;;
esac
;;
esac
case $have_gost in
yes)
OPENSSL_GOST="yes"
$as_echo "#define HAVE_OPENSSL_GOST 1" >>confdefs.h
;;
*)
;;
esac
CFLAGS="$saved_cflags"
LIBS="$saved_libs"
OPENSSLLINKOBJS='${OPENSSLLINKOBJS}'
OPENSSLLINKSRCS='${OPENSSLLINKSRCS}'
;;
*)
;;
esac
CFLAGS="$saved_cflags"
LIBS="$saved_libs"
OPENSSLLINKOBJS='${OPENSSLLINKOBJS}'
OPENSSLLINKSRCS='${OPENSSLLINKSRCS}'
;;
;;
esac
#
@ -14708,6 +14733,12 @@ fi
case "$use_randomdev" in
unspec)
case "$cross_compiling" in
yes)
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: unspecified" >&5
$as_echo "unspecified" >&6; }
as_fn_error $? " need --with-randomdev=PATH or --with-randomdev=no" "$LINENO" 5
esac
case "$host" in
*-openbsd*)
devrandom=/dev/arandom
@ -14742,6 +14773,7 @@ _ACEOF
fi
;;
yes)
as_fn_error $? "--with-randomdev must specify a path" "$LINENO" 5
@ -15678,7 +15710,7 @@ case "$use_libxml2" in
;;
auto|yes)
case X`(xml2-config --version) 2>/dev/null` in
X2.[678].*)
X2.[6789].*)
libxml2_libs=`xml2-config --libs`
libxml2_cflags=`xml2-config --cflags`
;;
@ -18995,7 +19027,7 @@ case "$docbook_path" in
auto)
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: auto" >&5
$as_echo "auto" >&6; }
docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook /usr/share/xsl/docbook /opt/local/share/xsl/docbook-xsl/"
docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook /usr/share/xsl/docbook /opt/local/share/xsl/docbook-xsl"
;;
*)
docbook_xsl_trees="$withval"


@ -1,4 +1,4 @@
# Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@ -63,7 +63,7 @@ It is available from http://www.isc.org as a separate download.])
;;
esac
AC_ARG_ENABLE(developer, [ --enable-developer enable developer build settings])
AC_ARG_ENABLE(developer, [ --enable-developer enable developer build settings])
case "$enable_developer" in
yes)
test "${enable_fixed_rrset+set}" = set || enable_fixed_rrset=yes
@ -142,7 +142,7 @@ AC_SUBST(PERL)
# If python is unavailable, we simply don't build those.
#
AC_ARG_WITH(python,
[ --with-python=PATH Specify path to python interpreter],
[ --with-python=PATH Specify path to python interpreter],
use_python="$withval", use_python="unspec")
case "$use_python" in
@ -522,6 +522,8 @@ int main() {
[AC_MSG_RESULT(yes)
ISC_PLATFORM_HAVEEPOLL="#define ISC_PLATFORM_HAVEEPOLL 1"],
[AC_MSG_RESULT(no)
ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL"],
[AC_MSG_RESULT(no)
ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL"])
;;
yes)
@ -768,20 +770,20 @@ no)
;;
esac
AC_MSG_CHECKING(for OpenSSL DSA support)
if test -f $use_openssl/include/openssl/dsa.h
then
AC_DEFINE(HAVE_OPENSSL_DSA)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(for OpenSSL DSA support)
if test -f $use_openssl/include/openssl/dsa.h
then
AC_DEFINE(HAVE_OPENSSL_DSA)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512)
AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512)
AC_MSG_CHECKING(for OpenSSL ECDSA support)
have_ecdsa=""
AC_TRY_RUN([
AC_MSG_CHECKING(for OpenSSL ECDSA support)
have_ecdsa=""
AC_TRY_RUN([
#include <stdio.h>
#include <openssl/ecdsa.h>
#include <openssl/objects.h>
@ -798,22 +800,42 @@ int main() {
return (0);
}
],
[AC_MSG_RESULT(yes)
have_ecdsa="yes"],
[AC_MSG_RESULT(no)
have_ecdsa="no"])
case $have_ecdsa in
yes)
OPENSSL_ECDSA="yes"
AC_DEFINE(HAVE_OPENSSL_ECDSA)
;;
*)
;;
esac
[AC_MSG_RESULT(yes)
have_ecdsa="yes"],
[AC_MSG_RESULT(no)
have_ecdsa="no"],
[AC_MSG_RESULT(using --with-ecdsa)])
AC_ARG_WITH(ecdsa, [ --with-ecdsa OpenSSL ECDSA],
with_ecdsa="$withval", with_ecdsa="auto")
case "$with_ecdsa" in
yes)
case "$have_ecdsa" in
no) AC_MSG_ERROR([ecdsa not supported]) ;;
*) have_ecdsa=yes ;;
esac
;;
no)
have_ecdsa=no ;;
*)
case "$have_ecdsa" in
yes|no) ;;
*) AC_MSG_ERROR([need --with-ecdsa=[[yes or no]]]) ;;
esac
;;
esac
case $have_ecdsa in
yes)
OPENSSL_ECDSA="yes"
AC_DEFINE(HAVE_OPENSSL_ECDSA, 1,
[Define if your OpenSSL version supports ECDSA.])
;;
*)
;;
esac
AC_MSG_CHECKING(for OpenSSL GOST support)
have_gost=""
AC_TRY_RUN([
AC_MSG_CHECKING(for OpenSSL GOST support)
have_gost=""
AC_TRY_RUN([
#include <openssl/conf.h>
#include <openssl/engine.h>
int main() {
@ -835,43 +857,44 @@ int main() {
#endif
}
],
[AC_MSG_RESULT(yes)
have_gost="yes"],
[AC_MSG_RESULT(no)
have_gost="no"],
[AC_MSG_RESULT(using --with-gost)])
AC_ARG_WITH(gost, , with_gost="$withval", with_gost="auto")
case "$with_gost" in
yes)
case "$have_gost" in
no) AC_MSG_ERROR([gost not supported]) ;;
*) have_gost=yes ;;
esac
;;
no)
have_gost=no ;;
*)
case "$have_gost" in
yes|no) ;;
*) AC_MSG_ERROR([need --with-gost=[[yes or no]]]) ;;
esac
;;
esac
case $have_gost in
yes)
OPENSSL_GOST="yes"
AC_DEFINE(HAVE_OPENSSL_GOST, 1,
[Define if your OpenSSL version supports GOST.])
;;
*)
;;
esac
CFLAGS="$saved_cflags"
LIBS="$saved_libs"
OPENSSLLINKOBJS='${OPENSSLLINKOBJS}'
OPENSSLLINKSRCS='${OPENSSLLINKSRCS}'
[AC_MSG_RESULT(yes)
have_gost="yes"],
[AC_MSG_RESULT(no)
have_gost="no"],
[AC_MSG_RESULT(using --with-gost)])
AC_ARG_WITH(gost, [ --with-gost OpenSSL GOST],
with_gost="$withval", with_gost="auto")
case "$with_gost" in
yes)
case "$have_gost" in
no) AC_MSG_ERROR([gost not supported]) ;;
*) have_gost=yes ;;
esac
;;
no)
have_gost=no ;;
*)
case "$have_gost" in
yes|no) ;;
*) AC_MSG_ERROR([need --with-gost=[[yes or no]]]) ;;
esac
;;
esac
case $have_gost in
yes)
OPENSSL_GOST="yes"
AC_DEFINE(HAVE_OPENSSL_GOST, 1,
[Define if your OpenSSL version supports GOST.])
;;
*)
;;
esac
CFLAGS="$saved_cflags"
LIBS="$saved_libs"
OPENSSLLINKOBJS='${OPENSSLLINKOBJS}'
OPENSSLLINKSRCS='${OPENSSLLINKSRCS}'
;;
;;
esac
#
@ -1152,6 +1175,11 @@ AC_ARG_WITH(randomdev,
case "$use_randomdev" in
unspec)
case "$cross_compiling" in
yes)
AC_MSG_RESULT(unspecified)
AC_MSG_ERROR([ need --with-randomdev=PATH or --with-randomdev=no])
esac
case "$host" in
*-openbsd*)
devrandom=/dev/arandom
@ -1164,6 +1192,7 @@ case "$use_randomdev" in
AC_CHECK_FILE($devrandom,
AC_DEFINE_UNQUOTED(PATH_RANDOMDEV,
"$devrandom"),)
;;
yes)
AC_MSG_ERROR([--with-randomdev must specify a path])
@ -1335,7 +1364,7 @@ case "$use_libxml2" in
;;
auto|yes)
case X`(xml2-config --version) 2>/dev/null` in
X2.[[678]].*)
X2.[[6789]].*)
libxml2_libs=`xml2-config --libs`
libxml2_cflags=`xml2-config --cflags`
;;
@ -1672,8 +1701,8 @@ AC_SUBST(LIBTOOL_IN_MAIN)
# build exportable DNS library?
#
AC_ARG_ENABLE(exportlib,
[ --enable-exportlib build exportable library (GNU make required)
[[default=no]]])
[ --enable-exportlib build exportable library (GNU make required)
[[default=no]]])
case "$enable_exportlib" in
yes)
gmake=
@ -1698,8 +1727,8 @@ AC_SUBST(BIND9_CO_RULE)
AC_ARG_WITH(export-libdir,
[ --with-export-libdir[=PATH]
installation directory for the export library
[[EPREFIX/lib/bind9]]],
installation directory for the export library
[[EPREFIX/lib/bind9]]],
export_libdir="$withval",)
if test -z "$export_libdir"; then
export_libdir="\${exec_prefix}/lib/bind9/"
@ -1708,8 +1737,8 @@ AC_SUBST(export_libdir)
AC_ARG_WITH(export-includedir,
[ --with-export-includedir[=PATH]
installation directory for the header files of the
export library [[PREFIX/include/bind9]]],
installation directory for the header files of the
export library [[PREFIX/include/bind9]]],
export_includedir="$withval",)
if test -z "$export_includedir"; then
export_includedir="\${prefix}/include/bind9/"
@ -3094,7 +3123,7 @@ AC_ARG_WITH(docbook-xsl,
case "$docbook_path" in
auto)
AC_MSG_RESULT(auto)
docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook /usr/share/xsl/docbook /opt/local/share/xsl/docbook-xsl/"
docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook /usr/share/xsl/docbook /opt/local/share/xsl/docbook-xsl"
;;
*)
docbook_xsl_trees="$withval"
@ -3230,7 +3259,7 @@ AC_SUBST(IDNLIBS)
# Check whether to build Automated Test Framework unit tests
#
AC_ARG_WITH(atf,
[ --with-atf=ARG Automated Test Framework support],
[ --with-atf=ARG Automated Test Framework support],
atf="$withval", atf="no")
if test "$atf" = yes; then
atf=`pwd`/unit/atf
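Review bot: The libxml2 version glob in the `use_libxml2` hunk, `X2.[[6789]].*`, still matches only a single-digit minor version, so a release numbered 2.10 or later would fall through to the default branch of the `case` (not visible in this hunk) and, with `auto`, presumably build without libxml2 without saying why. Rather than adding one digit per release, the pattern could accept any minor from 6 upward: `X2.[[6-9]].*|X2.[[1-9]][[0-9]].*)`. The `case` statement continues outside the hunk, and the generated configure carries the same pattern and would pick up the change when regenerated.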


@ -108,8 +108,7 @@ fs_destroy(void *driverarg, void *dbdata);
*/
static isc_boolean_t
is_safe(const char *input)
{
is_safe(const char *input) {
unsigned int i;
unsigned int len = strlen(input);
@ -119,13 +118,13 @@ is_safe(const char *input)
if (input[i] == '.') {
/* '.' is not allowed as first char */
if (i == 0)
return ISC_FALSE;
return (ISC_FALSE);
/* '..', two dots together is not allowed. */
else if (input[i-1] == '.')
return ISC_FALSE;
return (ISC_FALSE);
/* '.' is not allowed as last char */
if (i == len)
return ISC_FALSE;
return (ISC_FALSE);
/* only 1 dot in ok location, continue at next char */
continue;
}
@ -161,16 +160,14 @@ is_safe(const char *input)
* if we reach this point we have encountered a
* disallowed char!
*/
return ISC_FALSE;
return (ISC_FALSE);
}
/* everything ok. */
return ISC_TRUE;
return (ISC_TRUE);
}
static isc_result_t
create_path_helper(char *out, const char *in, config_data_t *cd)
{
create_path_helper(char *out, const char *in, config_data_t *cd) {
char *tmpString;
char *tmpPtr;
int i;
@ -238,6 +235,7 @@ create_path(const char *zone, const char *host, const char *client,
int pathsize;
int len;
isc_result_t result;
isc_boolean_t isroot = ISC_FALSE;
/* we require a zone & cd parameter */
REQUIRE(zone != NULL);
@ -252,16 +250,20 @@ create_path(const char *zone, const char *host, const char *client,
(host != NULL && client == NULL) ||
(host == NULL && client != NULL) );
/* special case for root zone */
if (strcmp(zone, ".") == 0)
isroot = ISC_TRUE;
/* if the requested zone is "unsafe", return error */
if (is_safe(zone) != ISC_TRUE)
if (!isroot && !is_safe(zone))
return (ISC_R_FAILURE);
/* if host was passed, verify that it is safe */
if ((host != NULL) && (is_safe(host) != ISC_TRUE) )
if (host != NULL && !is_safe(host))
return (ISC_R_FAILURE);
/* if client was passed, verify that it is safe */
if ((client != NULL) && (is_safe(client) != ISC_TRUE) )
if (client != NULL && !is_safe(client))
return (ISC_R_FAILURE);
/* Determine how much memory the split up string will require */
@ -302,8 +304,11 @@ create_path(const char *zone, const char *host, const char *client,
strcpy(tmpPath, cd->basedir);
/* add zone name - parsed properly */
if ((result = create_path_helper(tmpPath, zone, cd)) != ISC_R_SUCCESS)
goto cleanup_mem;
if (!isroot) {
result = create_path_helper(tmpPath, zone, cd);
if (result != ISC_R_SUCCESS)
goto cleanup_mem;
}
/*
* When neither client or host is passed we are building a
@ -356,7 +361,7 @@ create_path(const char *zone, const char *host, const char *client,
isc_mem_free(ns_g_mctx, tmpPath);
/* free tmpPath memory */
return result;
return (result);
}
static isc_result_t
@ -525,7 +530,7 @@ process_dir(isc_dir_t *dir, void *passback, config_data_t *cd,
"Filesystem driver: "
"%s could not be parsed properly",
tmp);
return ISC_R_FAILURE;
return (ISC_R_FAILURE);
}
/* replace separator char with NULL to split string */
@ -540,7 +545,7 @@ process_dir(isc_dir_t *dir, void *passback, config_data_t *cd,
"Filesystem driver: "
"%s could not be parsed properly",
tmp);
return ISC_R_FAILURE;
return (ISC_R_FAILURE);
}
/* replace separator char with NULL to split string */
@ -578,10 +583,10 @@ process_dir(isc_dir_t *dir, void *passback, config_data_t *cd,
/* if error, return error right away */
if (result != ISC_R_SUCCESS)
return result;
return (result);
} /* end of while loop */
return result;
return (result);
}
/*
@ -621,7 +626,7 @@ fs_allowzonexfr(void *driverarg, void *dbdata, const char *name,
complete_AXFR:
isc_mem_free(ns_g_mctx, path);
return result;
return (result);
}
static isc_result_t
@ -740,7 +745,7 @@ fs_allnodes(const char *zone, void *driverarg, void *dbdata,
if (basepath != NULL)
isc_mem_free(ns_g_mctx, basepath);
return result;
return (result);
}
static isc_result_t
@ -779,7 +784,7 @@ fs_findzone(void *driverarg, void *dbdata, const char *name)
complete_FZ:
isc_mem_free(ns_g_mctx, path);
return result;
return (result);
}
static isc_result_t
@ -854,7 +859,7 @@ fs_lookup(const char *zone, const char *name, void *driverarg,
complete_lkup:
isc_mem_free(ns_g_mctx, path);
return result;
return (result);
}
static isc_result_t
@ -950,7 +955,7 @@ fs_create(const char *dlzname, unsigned int argc, char *argv[],
*dbdata = cd;
/* return success */
return(ISC_R_SUCCESS);
return (ISC_R_SUCCESS);
/* handle no memory error */
no_mem:
@ -1045,7 +1050,7 @@ dlz_fs_init(void)
result = ISC_R_UNEXPECTED;
}
return result;
return (result);
}
/*%
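Review bot: In `is_safe`, the test under the comment "'.' is not allowed as last char" compares `i == len`, which can never be true if the enclosing loop keeps `i` below `len` (the loop header lies outside the hunk, so this is inferred). A name ending in '.' would then pass the filter that `create_path` relies on before it builds a filesystem path from the zone, host and client strings. This commit only re-parenthesises the `return` on that branch; the comparison itself should be `if (i == len - 1)`, which is safe because the branch is only reached with `len >= 1`.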


@ -481,7 +481,7 @@ sdlzh_destroy_sqldbinstance(dbinstance_t *dbi)
destroy_querylist(mctx, &dbi->lookup_q);
/* get rid of the mutex */
isc_mutex_destroy(&dbi->instance_lock);
(void) isc_mutex_destroy(&dbi->instance_lock);
/* return, and detach the memory */
isc_mem_put(mctx, dbi, sizeof(dbinstance_t));


@ -37,6 +37,13 @@
#define STRTOK_R(a, b, c) strtok(a, b)
#endif
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
/* For this simple example, use fixed sized strings */
struct record {
char name[100];
@ -104,13 +111,22 @@ add_name(struct dlz_example_data *state, struct record *list,
i = first_empty;
}
if (i == MAX_RECORDS) {
state->log(ISC_LOG_ERROR, "dlz_example: out of record space");
if (state->log != NULL)
state->log(ISC_LOG_ERROR,
"dlz_example: out of record space");
return (ISC_R_FAILURE);
}
strcpy(list[i].name, name);
strcpy(list[i].type, type);
strcpy(list[i].data, data);
if (strlen(name) >= sizeof(list[i].name) ||
strlen(type) >= sizeof(list[i].type) ||
strlen(data) >= sizeof(list[i].data))
return (ISC_R_NOSPACE);
strncpy(list[i].name, name, sizeof(list[i].name));
strncpy(list[i].type, type, sizeof(list[i].type));
strncpy(list[i].data, data, sizeof(list[i].data));
list[i].ttl = ttl;
return (ISC_R_SUCCESS);
}
@ -195,7 +211,6 @@ b9_add_helper(struct dlz_example_data *state,
state->writeable_zone = (dns_dlz_writeablezone_t *)ptr;
}
/*
* Called to initialize the driver
*/
@ -207,6 +222,9 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[],
const char *helper_name;
va_list ap;
char soa_data[200];
const char *extra;
isc_result_t result;
int n;
UNUSED(dlzname);
@ -217,20 +235,36 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[],
/* Fill in the helper functions */
va_start(ap, dbdata);
while ((helper_name = va_arg(ap, const char *)) != NULL) {
b9_add_helper(state, helper_name, va_arg(ap, void*));
b9_add_helper(state, helper_name, va_arg(ap, void *));
}
va_end(ap);
if (argc < 2) {
state->log(ISC_LOG_ERROR,
"dlz_example: please specify a zone name");
if (state->log != NULL)
state->log(ISC_LOG_ERROR,
"dlz_example: please specify a zone name");
dlz_destroy(state);
return (ISC_R_FAILURE);
}
state->zone_name = strdup(argv[1]);
if (state->zone_name == NULL) {
free(state);
return (ISC_R_NOMEMORY);
}
sprintf(soa_data, "%s hostmaster.%s 123 900 600 86400 3600",
state->zone_name, state->zone_name);
if (strcmp(state->zone_name, ".") == 0)
extra = ".root";
else
extra = ".";
n = sprintf(soa_data, "%s hostmaster%s%s 123 900 600 86400 3600",
state->zone_name, extra, state->zone_name);
if (n < 0)
CHECK(ISC_R_FAILURE);
if ((unsigned)n >= sizeof(soa_data))
CHECK(ISC_R_NOSPACE);
add_name(state, &state->current[0], state->zone_name,
"soa", 3600, soa_data);
@ -239,12 +273,17 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[],
add_name(state, &state->current[0], state->zone_name,
"a", 1800, "10.53.0.1");
state->log(ISC_LOG_INFO,
"dlz_example: started for zone %s",
state->zone_name);
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: started for zone %s",
state->zone_name);
*dbdata = state;
return (ISC_R_SUCCESS);
failure:
free(state);
return (result);
}
/*
@ -254,9 +293,10 @@ void
dlz_destroy(void *dbdata) {
struct dlz_example_data *state = (struct dlz_example_data *)dbdata;
state->log(ISC_LOG_INFO,
"dlz_example: shutting down zone %s",
state->zone_name);
if (state->log != NULL)
state->log(ISC_LOG_INFO,
"dlz_example: shutting down zone %s",
state->zone_name);
free(state->zone_name);
free(state);
}
@ -291,15 +331,19 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
struct dlz_example_data *state = (struct dlz_example_data *)dbdata;
isc_boolean_t found = ISC_FALSE;
isc_sockaddr_t *src;
char full_name[100];
char full_name[256];
int i;
UNUSED(zone);
if (strcmp(name, "@") == 0)
strcpy(full_name, state->zone_name);
else
sprintf(full_name, "%s.%s", name, state->zone_name);
if (state->putrr == NULL)
return (ISC_R_NOTIMPLEMENTED);
if (strcmp(name, "@") == 0) {
strncpy(full_name, state->zone_name, 255);
full_name[255] = '\0';
} else
snprintf(full_name, 255, "%s.%s", name, state->zone_name);
if (strcmp(name, "source-addr") == 0) {
char buf[100];
@ -312,7 +356,7 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
fmt_address(src, buf, sizeof(buf));
}
fprintf(stderr, "connection from: %s\n", buf);
fprintf(stderr, "lookup: connection from: %s\n", buf);
found = ISC_TRUE;
result = state->putrr(lookup, "TXT", 0, buf);
@ -359,6 +403,9 @@ dlz_allnodes(const char *zone, void *dbdata, dns_sdlzallnodes_t *allnodes) {
UNUSED(zone);
if (state->putnamedrr == NULL)
return (ISC_R_NOTIMPLEMENTED);
for (i = 0; i < MAX_RECORDS; i++) {
isc_result_t result;
if (strlen(state->current[i].name) == 0U) {
@ -384,9 +431,10 @@ dlz_newversion(const char *zone, void *dbdata, void **versionp) {
struct dlz_example_data *state = (struct dlz_example_data *)dbdata;
if (state->transaction_started) {
state->log(ISC_LOG_INFO,
"dlz_example: transaction already "
"started for zone %s", zone);
if (state->log != NULL)
state->log(ISC_LOG_INFO,
"dlz_example: transaction already "
"started for zone %s", zone);
return (ISC_R_FAILURE);
}
@ -406,9 +454,9 @@ dlz_closeversion(const char *zone, isc_boolean_t commit,
struct dlz_example_data *state = (struct dlz_example_data *)dbdata;
if (!state->transaction_started) {
state->log(ISC_LOG_INFO,
"dlz_example: transaction not started for zone %s",
zone);
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: transaction not "
"started for zone %s", zone);
*versionp = NULL;
return;
}
@ -419,31 +467,31 @@ dlz_closeversion(const char *zone, isc_boolean_t commit,
if (commit) {
int i;
state->log(ISC_LOG_INFO,
"dlz_example: committing transaction on zone %s",
zone);
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: committing "
"transaction on zone %s", zone);
for (i = 0; i < MAX_RECORDS; i++) {
if (strlen(state->adds[i].name) > 0U) {
add_name(state, &state->current[0],
state->adds[i].name,
state->adds[i].type,
state->adds[i].ttl,
state->adds[i].data);
if (strlen(state->deletes[i].name) > 0U) {
(void)del_name(state, &state->current[0],
state->deletes[i].name,
state->deletes[i].type,
state->deletes[i].ttl,
state->deletes[i].data);
}
}
for (i = 0; i < MAX_RECORDS; i++) {
if (strlen(state->deletes[i].name) > 0U) {
del_name(state, &state->current[0],
state->deletes[i].name,
state->deletes[i].type,
state->deletes[i].ttl,
state->deletes[i].data);
if (strlen(state->adds[i].name) > 0U) {
(void)add_name(state, &state->current[0],
state->adds[i].name,
state->adds[i].type,
state->adds[i].ttl,
state->adds[i].data);
}
}
} else {
state->log(ISC_LOG_INFO,
"dlz_example: cancelling transaction on zone %s",
zone);
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: cancelling "
"transaction on zone %s", zone);
}
memset(state->adds, 0, sizeof(state->adds));
memset(state->deletes, 0, sizeof(state->deletes));
@ -458,25 +506,27 @@ dlz_configure(dns_view_t *view, void *dbdata) {
struct dlz_example_data *state = (struct dlz_example_data *)dbdata;
isc_result_t result;
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: starting configure");
state->log(ISC_LOG_INFO, "dlz_example: starting configure");
if (state->writeable_zone == NULL) {
state->log(ISC_LOG_INFO,
"dlz_example: no writeable_zone method available");
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: no "
"writeable_zone method available");
return (ISC_R_FAILURE);
}
result = state->writeable_zone(view, state->zone_name);
if (result != ISC_R_SUCCESS) {
state->log(ISC_LOG_ERROR,
"dlz_example: failed to configure zone %s",
state->zone_name);
if (state->log != NULL)
state->log(ISC_LOG_ERROR, "dlz_example: failed to "
"configure zone %s", state->zone_name);
return (result);
}
state->log(ISC_LOG_INFO,
"dlz_example: configured writeable zone %s",
state->zone_name);
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: configured writeable "
"zone %s", state->zone_name);
return (ISC_R_SUCCESS);
}
@ -497,14 +547,14 @@ dlz_ssumatch(const char *signer, const char *name, const char *tcpaddr,
UNUSED(keydata);
if (strncmp(name, "deny.", 5) == 0) {
state->log(ISC_LOG_INFO,
"dlz_example: denying update of name=%s by %s",
name, signer);
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: denying update "
"of name=%s by %s", name, signer);
return (ISC_FALSE);
}
state->log(ISC_LOG_INFO,
"dlz_example: allowing update of name=%s by %s",
name, signer);
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: allowing update of "
"name=%s by %s", name, signer);
return (ISC_TRUE);
}
@ -513,13 +563,16 @@ static isc_result_t
modrdataset(struct dlz_example_data *state, const char *name,
const char *rdatastr, struct record *list)
{
char *full_name, *dclass, *type, *data, *ttlstr;
char *buf = strdup(rdatastr);
char *full_name, *dclass, *type, *data, *ttlstr, *buf;
isc_result_t result;
#if defined(WIN32) || defined(_REENTRANT)
char *saveptr = NULL;
#endif
buf = strdup(rdatastr);
if (buf == NULL)
return (ISC_R_FAILURE);
/*
* The format is:
* FULLNAME\tTTL\tDCLASS\tTYPE\tDATA
@ -530,28 +583,32 @@ modrdataset(struct dlz_example_data *state, const char *name,
full_name = STRTOK_R(buf, "\t", &saveptr);
if (full_name == NULL)
return (ISC_R_FAILURE);
goto error;
ttlstr = STRTOK_R(NULL, "\t", &saveptr);
if (ttlstr == NULL)
return (ISC_R_FAILURE);
goto error;
dclass = STRTOK_R(NULL, "\t", &saveptr);
if (dclass == NULL)
return (ISC_R_FAILURE);
goto error;
type = STRTOK_R(NULL, "\t", &saveptr);
if (type == NULL)
return (ISC_R_FAILURE);
goto error;
data = STRTOK_R(NULL, "\t", &saveptr);
if (data == NULL)
return (ISC_R_FAILURE);
goto error;
result = add_name(state, list, name, type,
strtoul(ttlstr, NULL, 10), data);
free(buf);
return (result);
error:
free(buf);
return (ISC_R_FAILURE);
}
@ -564,9 +621,9 @@ dlz_addrdataset(const char *name, const char *rdatastr,
if (version != (void *) &state->transaction_started)
return (ISC_R_FAILURE);
state->log(ISC_LOG_INFO,
"dlz_example: adding rdataset %s '%s'",
name, rdatastr);
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: adding rdataset %s '%s'",
name, rdatastr);
return (modrdataset(state, name, rdatastr, &state->adds[0]));
}
@ -580,9 +637,9 @@ dlz_subrdataset(const char *name, const char *rdatastr,
if (version != (void *) &state->transaction_started)
return (ISC_R_FAILURE);
state->log(ISC_LOG_INFO,
"dlz_example: subtracting rdataset %s '%s'",
name, rdatastr);
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: subtracting rdataset "
"%s '%s'", name, rdatastr);
return (modrdataset(state, name, rdatastr, &state->deletes[0]));
}
@ -597,9 +654,9 @@ dlz_delrdataset(const char *name, const char *type,
if (version != (void *) &state->transaction_started)
return (ISC_R_FAILURE);
state->log(ISC_LOG_INFO,
"dlz_example: deleting rdataset %s of type %s",
name, type);
if (state->log != NULL)
state->log(ISC_LOG_INFO, "dlz_example: deleting rdataset %s "
"of type %s", name, type);
return (ISC_R_SUCCESS);
}
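Review bot: In `dlz_create` the new length check runs only after `sprintf` has already written into `soa_data[200]`, so a long `argv[1]` overruns the stack buffer before `(unsigned)n >= sizeof(soa_data)` is evaluated. Bound the write itself with `n = snprintf(soa_data, sizeof(soa_data), "%s hostmaster%s%s 123 900 600 86400 3600", state->zone_name, extra, state->zone_name);` and keep the two checks as they are; `snprintf` is already used in `dlz_lookup` in the same file. The `failure:` label also frees `state` but not `state->zone_name`, which was `strdup`ed a few lines earlier, so `free(state->zone_name);` before `free(state);` would close that leak.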


@ -45,8 +45,10 @@ typedef uint32_t dns_ttl_t;
#define ISC_R_SUCCESS 0
#define ISC_R_NOMEMORY 1
#define ISC_R_NOPERM 6
#define ISC_R_NOSPACE 19
#define ISC_R_NOTFOUND 23
#define ISC_R_FAILURE 25
#define ISC_R_NOTIMPLEMENTED 27
#define ISC_R_NOMORE 29
/* boolean values */


@ -7291,6 +7291,12 @@ options {
disallow them on external-facing ones, without
necessarily knowing the internal network's addresses.
</para>
<para>
Note that <command>allow-query-on</command> is only
checked for queries that are permitted by
<command>allow-query</command>. A query must be
allowed by both ACLs, or it will be refused.
</para>
<para>
<command>allow-query-on</command> may
also be specified in the <command>zone</command>


@ -100,7 +100,7 @@ check_orderent(const cfg_obj_t *ent, isc_log_t *logctx) {
obj = cfg_tuple_get(ent, "name");
if (cfg_obj_isstring(obj)) {
str = cfg_obj_asstring(obj);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
tresult = dns_name_fromtext(dns_fixedname_name(&fixed), &b,
dns_rootname, 0, NULL);
@ -197,7 +197,7 @@ check_dual_stack(const cfg_obj_t *options, isc_log_t *logctx) {
continue;
obj = cfg_tuple_get(value, "name");
str = cfg_obj_asstring(obj);
isc_buffer_init(&buffer, str, strlen(str));
isc_buffer_constinit(&buffer, str, strlen(str));
isc_buffer_add(&buffer, strlen(str));
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
@ -263,7 +263,7 @@ disabled_algorithms(const cfg_obj_t *disabled, isc_log_t *logctx) {
name = dns_fixedname_name(&fixed);
obj = cfg_tuple_get(disabled, "name");
str = cfg_obj_asstring(obj);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
tresult = dns_name_fromtext(name, &b, dns_rootname, 0, NULL);
if (tresult != ISC_R_SUCCESS) {
@ -346,7 +346,7 @@ mustbesecure(const cfg_obj_t *secure, isc_symtab_t *symtab, isc_log_t *logctx,
name = dns_fixedname_name(&fixed);
obj = cfg_tuple_get(secure, "name");
str = cfg_obj_asstring(obj);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS) {
@ -813,7 +813,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
element = cfg_list_next(element)) {
exclude = cfg_listelt_value(element);
str = cfg_obj_asstring(exclude);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
tresult = dns_name_fromtext(name, &b,
dns_rootname,
@ -881,7 +881,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
continue;
}
isc_buffer_init(&b, dlv, strlen(dlv));
isc_buffer_constinit(&b, dlv, strlen(dlv));
isc_buffer_add(&b, strlen(dlv));
tresult = dns_name_fromtext(name, &b, dns_rootname,
0, NULL);
@ -915,7 +915,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
if (!cfg_obj_isvoid(anchor)) {
dlv = cfg_obj_asstring(anchor);
isc_buffer_init(&b, dlv, strlen(dlv));
isc_buffer_constinit(&b, dlv, strlen(dlv));
isc_buffer_add(&b, strlen(dlv));
tresult = dns_name_fromtext(name, &b,
dns_rootname,
@ -989,7 +989,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
(void)cfg_map_get(options, server_contact[i], &obj);
if (obj != NULL) {
str = cfg_obj_asstring(obj);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
tresult = dns_name_fromtext(dns_fixedname_name(&fixed),
&b, dns_rootname, 0, NULL);
@ -1013,7 +1013,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
{
obj = cfg_listelt_value(element);
str = cfg_obj_asstring(obj);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
tresult = dns_name_fromtext(dns_fixedname_name(&fixed), &b,
dns_rootname, 0, NULL);
@ -1198,7 +1198,7 @@ check_update_policy(const cfg_obj_t *policy, isc_log_t *logctx) {
dns_fixedname_init(&fixed);
str = cfg_obj_asstring(identity);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
tresult = dns_name_fromtext(dns_fixedname_name(&fixed), &b,
dns_rootname, 0, NULL);
@ -1212,7 +1212,7 @@ check_update_policy(const cfg_obj_t *policy, isc_log_t *logctx) {
strcasecmp(cfg_obj_asstring(matchtype), "zonesub") != 0) {
dns_fixedname_init(&fixed);
str = cfg_obj_asstring(dname);
isc_buffer_init(&b, str, strlen(str));
isc_buffer_constinit(&b, str, strlen(str));
isc_buffer_add(&b, strlen(str));
tresult = dns_name_fromtext(dns_fixedname_name(&fixed),
&b, dns_rootname, 0, NULL);
@ -1457,7 +1457,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
* deals with strings.
*/
dns_fixedname_init(&fixedname);
isc_buffer_init(&b, znamestr, strlen(znamestr));
isc_buffer_constinit(&b, znamestr, strlen(znamestr));
isc_buffer_add(&b, strlen(znamestr));
tresult = dns_name_fromtext(dns_fixedname_name(&fixedname), &b,
dns_rootname, DNS_NAME_DOWNCASE, NULL);
@ -1755,7 +1755,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
snamestr = cfg_obj_asstring(obj);
dns_fixedname_init(&fixed_sname);
isc_buffer_init(&b2, snamestr, strlen(snamestr));
isc_buffer_constinit(&b2, snamestr, strlen(snamestr));
isc_buffer_add(&b2, strlen(snamestr));
sname = dns_fixedname_name(&fixed_sname);
tresult = dns_name_fromtext(sname, &b2, dns_rootname,
@ -1934,7 +1934,7 @@ check_keylist(const cfg_obj_t *keys, isc_symtab_t *symtab,
isc_buffer_t b;
char *keyname;
isc_buffer_init(&b, keyid, strlen(keyid));
isc_buffer_constinit(&b, keyid, strlen(keyid));
isc_buffer_add(&b, strlen(keyid));
tresult = dns_name_fromtext(name, &b, dns_rootname,
0, NULL);
@ -2103,7 +2103,7 @@ check_servers(const cfg_obj_t *config, const cfg_obj_t *voptions,
*/
keyval = cfg_obj_asstring(keys);
dns_fixedname_init(&fname);
isc_buffer_init(&b, keyval, strlen(keyval));
isc_buffer_constinit(&b, keyval, strlen(keyval));
isc_buffer_add(&b, strlen(keyval));
keyname = dns_fixedname_name(&fname);
tresult = dns_name_fromtext(keyname, &b, dns_rootname,
@ -2148,7 +2148,7 @@ check_trusted_key(const cfg_obj_t *key, isc_boolean_t managed,
keyname = dns_fixedname_name(&fkeyname);
keynamestr = cfg_obj_asstring(cfg_tuple_get(key, "name"));
isc_buffer_init(&b, keynamestr, strlen(keynamestr));
isc_buffer_constinit(&b, keynamestr, strlen(keynamestr));
isc_buffer_add(&b, strlen(keynamestr));
result = dns_name_fromtext(keyname, &b, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS) {


@ -733,7 +733,7 @@ destroy_disp(isc_task_t *task, isc_event_t *event) {
if (disp->sepool != NULL) {
isc_mempool_destroy(&disp->sepool);
isc_mutex_destroy(&disp->sepool_lock);
(void)isc_mutex_destroy(&disp->sepool_lock);
}
if (disp->socket != NULL)


@ -543,7 +543,7 @@ dns_dlz_writeablezone(dns_view_t *view, const char *zone_name) {
REQUIRE(dlzdatabase->configure_callback != NULL);
isc_buffer_init(&buffer, zone_name, strlen(zone_name));
isc_buffer_constinit(&buffer, zone_name, strlen(zone_name));
isc_buffer_add(&buffer, strlen(zone_name));
dns_fixedname_init(&fixorigin);
result = dns_name_fromtext(dns_fixedname_name(&fixorigin),


@ -352,7 +352,6 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
ret = ISC_R_NOSPACE;
goto cleanup_array;
}
memcpy(sig.signature, r.base, sig.siglen);
ret = dns_rdata_fromstruct(sigrdata, sig.common.rdclass,
sig.common.rdtype, &sig, buffer);


@ -1312,24 +1312,24 @@ get_key_struct(dns_name_t *name, unsigned int alg,
return (NULL);
memset(key, 0, sizeof(dst_key_t));
key->magic = KEY_MAGIC;
result = isc_refcount_init(&key->refs, 1);
if (result != ISC_R_SUCCESS) {
isc_mem_put(mctx, key, sizeof(dst_key_t));
return (NULL);
}
key->key_name = isc_mem_get(mctx, sizeof(dns_name_t));
if (key->key_name == NULL) {
isc_refcount_destroy(&key->refs);
isc_mem_put(mctx, key, sizeof(dst_key_t));
return (NULL);
}
dns_name_init(key->key_name, NULL);
result = dns_name_dup(name, mctx, key->key_name);
if (result != ISC_R_SUCCESS) {
isc_refcount_destroy(&key->refs);
isc_mem_put(mctx, key->key_name, sizeof(dns_name_t));
isc_mem_put(mctx, key, sizeof(dst_key_t));
return (NULL);
}
result = isc_refcount_init(&key->refs, 1);
if (result != ISC_R_SUCCESS) {
dns_name_free(key->key_name, mctx);
isc_mem_put(mctx, key->key_name, sizeof(dns_name_t));
isc_mem_put(mctx, key, sizeof(dst_key_t));
return (NULL);
@ -1349,6 +1349,7 @@ get_key_struct(dns_name_t *name, unsigned int alg,
key->times[i] = 0;
key->timeset[i] = ISC_FALSE;
}
key->magic = KEY_MAGIC;
return (key);
}
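Review bot: The reordering in get_key_struct() needs a short comment, because nothing in the new code says why `isc_refcount_init()` now runs after the name has been duplicated or why `key->magic = KEY_MAGIC;` moved to just before `return (key);`. Assuming the intent matches the CHANGES entry (avoid an assertion while cleaning up after an allocation failure), I would put `/* Set magic last so a partially built key is never treated as valid. */` above that assignment and a one-line note at the refcount call that the earlier failure paths must not need isc_refcount_destroy(). The code between the two hunks is not shown, so any failure paths there should be checked against the same ordering.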


@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2009, 2012-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: gen.c,v 1.85 2009/12/04 22:06:37 tbox Exp $ */
/*! \file */
#ifdef WIN32
@ -41,7 +39,12 @@
#include "gen-unix.h"
#endif
#define TYPECLASSLEN 21
#define INSIST(cond) \
if (!(cond)) { \
fprintf(stderr, "%s:%d: INSIST(%s)\n", \
__FILE__, __LINE__, #cond); \
abort(); \
}
#define FROMTEXTARGS "rdclass, type, lexer, origin, options, target, callbacks"
#define FROMTEXTCLASS "rdclass"
@ -131,27 +134,35 @@ const char copyright[] =
"/*! \\file */\n"
"\n";
#define STR_EXPAND(tok) #tok
#define STR(tok) STR_EXPAND(tok)
#define TYPENAMES 256
#define TYPECLASSLEN 20 /* DNS mnemonic size. Must be less than 100. */
#define TYPECLASSBUF (TYPECLASSLEN + 1)
#define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d"
#define ATTRIBUTESIZE 256
#define DIRNAMESIZE 256
struct cc {
struct cc *next;
int rdclass;
char classname[TYPECLASSLEN];
char classname[TYPECLASSBUF];
} *classes;
struct tt {
struct tt *next;
int rdclass;
int type;
char classname[TYPECLASSLEN];
char typename[TYPECLASSLEN];
char dirname[256]; /* XXX Should be max path length */
char classname[TYPECLASSBUF];
char typename[TYPECLASSBUF];
char dirname[DIRNAMESIZE]; /* XXX Should be max path length */
} *types;
struct ttnam {
char typename[TYPECLASSLEN];
char macroname[TYPECLASSLEN];
char attr[256];
char typename[TYPECLASSBUF];
char macroname[TYPECLASSBUF];
char attr[ATTRIBUTESIZE];
unsigned int sorted;
int type;
} typenames[TYPENAMES];
@ -202,6 +213,7 @@ funname(const char *s, char *buf) {
char *b = buf;
char c;
INSIST(strlen(s) < TYPECLASSBUF);
while ((c = *s++)) {
*b++ = (c == '-') ? '_' : c;
}
@ -217,7 +229,7 @@ doswitch(const char *name, const char *function, const char *args,
int first = 1;
int lasttype = 0;
int subswitch = 0;
char buf1[TYPECLASSLEN], buf2[TYPECLASSLEN];
char buf1[TYPECLASSBUF], buf2[TYPECLASSBUF];
const char *result = " result =";
if (res == NULL)
@ -283,7 +295,7 @@ doswitch(const char *name, const char *function, const char *args,
void
dodecl(char *type, char *function, char *args) {
struct tt *tt;
char buf1[TYPECLASSLEN], buf2[TYPECLASSLEN];
char buf1[TYPECLASSBUF], buf2[TYPECLASSBUF];
fputs("\n", stdout);
for (tt = types; tt; tt = tt->next)
@ -315,9 +327,10 @@ find_typename(int type) {
void
insert_into_typenames(int type, const char *typename, const char *attr) {
struct ttnam *ttn = NULL;
int c, i;
int c, i, n;
char tmp[256];
INSIST(strlen(typename) < TYPECLASSBUF);
for (i = 0; i < TYPENAMES; i++) {
if (typenames[i].typename[0] != 0 &&
typenames[i].type == type &&
@ -340,10 +353,10 @@ insert_into_typenames(int type, const char *typename, const char *attr) {
typename);
exit(1);
}
strncpy(ttn->typename, typename, TYPECLASSLEN);
strncpy(ttn->typename, typename, sizeof(ttn->typename));
ttn->type = type;
strncpy(ttn->macroname, ttn->typename, TYPECLASSLEN);
strncpy(ttn->macroname, ttn->typename, sizeof(ttn->macroname));
c = strlen(ttn->macroname);
while (c > 0) {
if (ttn->macroname[c - 1] == '-')
@ -352,8 +365,9 @@ insert_into_typenames(int type, const char *typename, const char *attr) {
}
if (attr == NULL) {
snprintf(tmp, sizeof(tmp),
"RRTYPE_%s_ATTRIBUTES", upper(ttn->macroname));
n = snprintf(tmp, sizeof(tmp),
"RRTYPE_%s_ATTRIBUTES", upper(ttn->macroname));
INSIST(n > 0 && n < sizeof(tmp));
attr = tmp;
}
@ -383,6 +397,10 @@ add(int rdclass, const char *classname, int type, const char *typename,
struct cc *newcc;
struct cc *cc, *oldcc;
INSIST(strlen(typename) < TYPECLASSBUF);
INSIST(strlen(classname) < TYPECLASSBUF);
INSIST(strlen(dirname) < DIRNAMESIZE);
insert_into_typenames(type, typename, NULL);
if (newtt == NULL) {
@ -393,11 +411,11 @@ add(int rdclass, const char *classname, int type, const char *typename,
newtt->next = NULL;
newtt->rdclass = rdclass;
newtt->type = type;
strncpy(newtt->classname, classname, TYPECLASSLEN);
strncpy(newtt->typename, typename, TYPECLASSLEN);
strncpy(newtt->classname, classname, sizeof(newtt->classname));
strncpy(newtt->typename, typename, sizeof(newtt->typename));
if (strncmp(dirname, "./", 2) == 0)
dirname += 2;
strncpy(newtt->dirname, dirname, 256);
strncpy(newtt->dirname, dirname, sizeof(newtt->dirname));
tt = types;
oldtt = NULL;
@ -430,8 +448,12 @@ add(int rdclass, const char *classname, int type, const char *typename,
return;
newcc = (struct cc *)malloc(sizeof(*newcc));
if (newcc == NULL) {
fprintf(stderr, "malloc() failed\n");
exit(1);
}
newcc->rdclass = rdclass;
strncpy(newcc->classname, classname, TYPECLASSLEN);
strncpy(newcc->classname, classname, sizeof(newcc->classname));
cc = classes;
oldcc = NULL;
@ -454,24 +476,23 @@ add(int rdclass, const char *classname, int type, const char *typename,
void
sd(int rdclass, const char *classname, const char *dirname, char filetype) {
char buf[sizeof("01234567890123456789_65535.h")];
char fmt[sizeof("%20[-0-9a-z]_%d.h")];
int type;
char typename[TYPECLASSLEN];
char buf[TYPECLASSLEN + sizeof("_65535.h")];
char typename[TYPECLASSBUF];
int type, n;
isc_dir_t dir;
if (!start_directory(dirname, &dir))
return;
snprintf(fmt, sizeof(fmt), "%s%c", "%20[-0-9a-z]_%d.", filetype);
while (next_file(&dir)) {
if (sscanf(dir.filename, fmt, typename, &type) != 2)
if (sscanf(dir.filename, TYPECLASSFMT, typename, &type) != 2)
continue;
if ((type > 65535) || (type < 0))
continue;
snprintf(buf, sizeof(buf),
"%s_%d.%c", typename, type, filetype);
n = snprintf(buf, sizeof(buf), "%s_%d.%c", typename,
type, filetype);
INSIST(n > 0 && n < sizeof(buf));
if (strcmp(buf, dir.filename) != 0)
continue;
add(rdclass, classname, type, typename, dirname);
@ -498,10 +519,10 @@ HASH(char *string) {
int
main(int argc, char **argv) {
char buf[256]; /* XXX Should be max path length */
char srcdir[256]; /* XXX Should be max path length */
char buf[DIRNAMESIZE]; /* XXX Should be max path length */
char srcdir[DIRNAMESIZE]; /* XXX Should be max path length */
int rdclass;
char classname[TYPECLASSLEN];
char classname[TYPECLASSBUF];
struct tt *tt;
struct cc *cc;
struct ttnam *ttn, *ttn2;
@ -515,8 +536,8 @@ main(int argc, char **argv) {
int type_enum = 0;
int structs = 0;
int depend = 0;
int c, i, j;
char buf1[TYPECLASSLEN];
int c, i, j, n;
char buf1[TYPECLASSBUF];
char filetype = 'c';
FILE *fd;
char *prefix = NULL;
@ -563,8 +584,16 @@ main(int argc, char **argv) {
filetype = 'h';
break;
case 's':
snprintf(srcdir, sizeof(srcdir),
"%s/", isc_commandline_argument);
if (strlen(isc_commandline_argument) >
DIRNAMESIZE - 2 * TYPECLASSLEN -
sizeof("/rdata/_65535_65535")) {
fprintf(stderr, "\"%s\" too long\n",
isc_commandline_argument);
exit(1);
}
n = snprintf(srcdir, sizeof(srcdir), "%s/",
isc_commandline_argument);
INSIST(n > 0 && n < sizeof(srcdir));
break;
case 'F':
file = isc_commandline_argument;
@ -579,32 +608,37 @@ main(int argc, char **argv) {
exit(1);
}
snprintf(buf, sizeof(buf), "%srdata", srcdir);
n = snprintf(buf, sizeof(buf), "%srdata", srcdir);
INSIST(n > 0 && n < sizeof(srcdir));
if (!start_directory(buf, &dir))
exit(1);
while (next_file(&dir)) {
if (sscanf(dir.filename, "%10[0-9a-z]_%d",
classname, &rdclass) != 2)
if (sscanf(dir.filename, TYPECLASSFMT, classname,
&rdclass) != 2)
continue;
if ((rdclass > 65535) || (rdclass < 0))
continue;
snprintf(buf, sizeof(buf),
"%srdata/%s_%d", srcdir, classname, rdclass);
n = snprintf(buf, sizeof(buf), "%srdata/%s_%d",
srcdir, classname, rdclass);
INSIST(n > 0 && n < sizeof(buf));
if (strcmp(buf + 6 + strlen(srcdir), dir.filename) != 0)
continue;
sd(rdclass, classname, buf, filetype);
}
end_directory(&dir);
snprintf(buf, sizeof(buf), "%srdata/generic", srcdir);
n = snprintf(buf, sizeof(buf), "%srdata/generic", srcdir);
INSIST(n > 0 && n < sizeof(srcdir));
sd(0, "", buf, filetype);
if (time(&now) != -1) {
if ((tm = localtime(&now)) != NULL && tm->tm_year > 104)
snprintf(year, sizeof(year), "-%d", tm->tm_year + 1900);
else
if ((tm = localtime(&now)) != NULL && tm->tm_year > 104) {
n = snprintf(year, sizeof(year), "-%d",
tm->tm_year + 1900);
INSIST(n > 0 && n < sizeof(year));
} else
year[0] = 0;
} else
year[0] = 0;
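Review bot: Two of the new snprintf checks in main() test the wrong buffer: after `n = snprintf(buf, sizeof(buf), "%srdata", srcdir);`, and again after the `"%srdata/generic"` call, the assertion is `INSIST(n > 0 && n < sizeof(srcdir));` although the write went to `buf`. Both arrays are DIRNAMESIZE today so the check happens to hold, but it should read `INSIST(n > 0 && n < sizeof(buf));` so the truncation check stays valid if the sizes ever diverge. The new INSIST macro is also a bare `if (!(cond)) { ... }`, which mis-binds when it is used as the body of an unbraced `if` that has an `else`; wrapping the expansion in `do { ... } while (0)` removes that hazard. main() continues outside the hunk.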


@ -98,6 +98,19 @@ dns_nsec_isset(const unsigned char *array, unsigned int type);
* Test if the corresponding 'type' bit is set in 'array'.
*/
isc_result_t
dns_nsec_noexistnodata(dns_rdatatype_t type, dns_name_t *name,
dns_name_t *nsecname, dns_rdataset_t *nsecset,
isc_boolean_t *exists, isc_boolean_t *data,
dns_name_t *wild, dns_nseclog_t log, void *arg);
/*%
* Return ISC_R_SUCCESS if we can determine that the name doesn't exist
* or we can determine whether there is data or not at the name.
* If the name does not exist return the wildcard name.
*
* Return ISC_R_IGNORE when the NSEC is not the appropriate one.
*/
ISC_LANG_ENDDECLS
#endif /* DNS_NSEC_H */
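Review bot: The new prototype names its callback parameter `log`, while the definition in nsec.c and the NSEC3 prototype on this page both use `logit`; `log` also matches the `<math.h>` function name and can draw shadowing warnings in files that include both headers. Renaming it to `dns_nseclog_t logit` keeps the declarations consistent. The doc comment should also say that `*data` is only written when `*exists` is set to ISC_TRUE, since the implementation leaves it untouched on its final "nsec range ok" path.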


@ -1,5 +1,5 @@
/*
* Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -248,6 +248,14 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver,
* Mark NSEC3PARAM for deletion.
*/
isc_result_t
dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
dns_name_t *nsec3name, dns_rdataset_t *nsec3set,
dns_name_t *zonename, isc_boolean_t *exists,
isc_boolean_t *data, isc_boolean_t *optout,
isc_boolean_t *unknown, isc_boolean_t *setclosest,
isc_boolean_t *setnearest, dns_name_t *closest,
dns_name_t *nearest, dns_nseclog_t logit, void *arg);
ISC_LANG_ENDDECLS
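Review bot: dns_nsec3_noexistnodata() is declared without any doc comment, unlike dns_nsec_noexistnodata() in nsec.h, and its fifteen parameters carry NULL-pairing rules a caller cannot guess from the prototype. The implementation on this page requires `exists`/`data`, `setclosest`/`closest` and `setnearest`/`nearest` to be either both NULL or both non-NULL, returns ISC_R_SUCCESS early when `exists` and `data` are NULL, and may overwrite `zonename`; a `/*% ... */` block stating those contracts and the meaning of ISC_R_IGNORE would cover it. The declaration also writes `dns_name_t* name` where the neighbouring parameters use `dns_name_t *name`.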


@ -177,6 +177,7 @@ struct dns_rdata {
#define DNS_RDATA_CHECKREVERSE DNS_NAME_CHECKREVERSE
#define DNS_RDATA_CHECKMX DNS_NAME_CHECKMX
#define DNS_RDATA_CHECKMXFAIL DNS_NAME_CHECKMXFAIL
#define DNS_RDATA_UNKNOWNESCAPE 0x80000000
/***
*** Initialization


@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -152,8 +152,9 @@
#define DNS_R_BROKENCHAIN (ISC_RESULTCLASS_DNS + 106)
#define DNS_R_EXPIRED (ISC_RESULTCLASS_DNS + 107)
#define DNS_R_NOTDYNAMIC (ISC_RESULTCLASS_DNS + 108)
#define DNS_R_UNSAFENAME (ISC_RESULTCLASS_DNS + 109)
#define DNS_R_NRESULTS 109 /*%< Number of results */
#define DNS_R_NRESULTS 110 /*%< Number of results */
/*
* DNS wire format rcodes.


@ -392,4 +392,7 @@ typedef isc_boolean_t
(*dns_isselffunc_t)(dns_view_t *, dns_tsigkey_t *, isc_sockaddr_t *,
isc_sockaddr_t *, dns_rdataclass_t, void *);
typedef void
(*dns_nseclog_t)(void *val, int , const char *, ...);
#endif /* DNS_TYPES_H */
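Review bot: The dns_nseclog_t typedef leaves its level and format parameters unnamed (`int , const char *, ...`) and has no comment, so a reader cannot tell that it is a printf-style logger. I would write it as `(*dns_nseclog_t)(void *val, int level, const char *fmt, ...);` with a one-line comment saying that `fmt` follows printf conventions and `val` is the caller's opaque argument. The call sites on this page pass `%d`, `%u` and `%s` arguments, so functions installed as this callback should be declared with `ISC_FORMAT_PRINTF` to have mismatched arguments caught at compile time.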


@ -157,6 +157,7 @@ struct dns_incctx {
int glue_in_use;
int current_in_use;
int origin_in_use;
isc_boolean_t origin_changed;
isc_boolean_t drop;
unsigned int glue_line;
unsigned int current_line;
@ -1404,6 +1405,7 @@ load_text(dns_loadctx_t *lctx) {
ictx->origin_in_use = new_in_use;
ictx->in_use[ictx->origin_in_use] = ISC_TRUE;
ictx->origin = new_name;
ictx->origin_changed = ISC_TRUE;
finish_origin = ISC_FALSE;
EXPECTEOL;
continue;
@ -1576,8 +1578,31 @@ load_text(dns_loadctx_t *lctx) {
} else if (result != ISC_R_SUCCESS)
goto insist_and_cleanup;
}
if (ictx->origin_changed) {
char cbuf[DNS_NAME_FORMATSIZE];
char obuf[DNS_NAME_FORMATSIZE];
dns_name_format(ictx->current, cbuf,
sizeof(cbuf));
dns_name_format(ictx->origin, obuf,
sizeof(obuf));
(*callbacks->error)(callbacks,
"%s:%lu: record with inherited "
"owner (%s) immediately after "
"$ORIGIN (%s)", source, line,
cbuf, obuf);
result = DNS_R_UNSAFENAME;
if (MANYERRS(lctx, result)) {
SETRESULT(lctx, result);
read_till_eol = ISC_TRUE;
continue;
} else if (result != ISC_R_SUCCESS)
goto insist_and_cleanup;
}
}
ictx->origin_changed = ISC_FALSE;
if (dns_rdataclass_fromtext(&rdclass,
&token.value.as_textregion)
== ISC_R_SUCCESS)
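Review bot: `origin_changed` is read by the new `if (ictx->origin_changed)` test in load_text(), but the hunks shown only assign it after a $ORIGIN line (`ISC_TRUE`) and after a record has been checked (`ISC_FALSE`). The code that creates a dns_incctx is outside these hunks, so confirm it gives the flag an explicit initial value; otherwise the first record of a file or $INCLUDE may be judged on an indeterminate flag. The struct member would also benefit from a comment such as `/* $ORIGIN seen since the last record */`. load_text() starts and ends outside the hunks.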


@ -843,6 +843,10 @@ dns_name_matcheswildcard(const dns_name_t *name, const dns_name_t *wname) {
REQUIRE(labels > 0);
REQUIRE(dns_name_iswildcard(wname));
#if defined(__clang__) && \
( __clang_major__ < 3 || (__clang_major__ == 3 && __clang_minor__ < 2))
memset(&tname, 0, sizeof(tname));
#endif
DNS_NAME_INIT(&tname, NULL);
dns_name_getlabelsequence(wname, 1, labels - 1, &tname);
if (dns_name_fullcompare(name, &tname, &order, &nlabels) ==
@ -1937,6 +1941,10 @@ dns_name_towire(const dns_name_t *name, dns_compress_t *cctx,
* has one.
*/
if (name->offsets == NULL) {
#if defined(__clang__) && \
( __clang_major__ < 3 || (__clang_major__ == 3 && __clang_minor__ < 2))
memset(&clname, 0, sizeof(clname));
#endif
DNS_NAME_INIT(&clname, clo);
dns_name_clone(name, &clname);
name = &clname;
@ -2242,6 +2250,10 @@ dns_name_digest(dns_name_t *name, dns_digestfunc_t digest, void *arg) {
REQUIRE(VALID_NAME(name));
REQUIRE(digest != NULL);
#if defined(__clang__) && \
( __clang_major__ < 3 || (__clang_major__ == 3 && __clang_minor__ < 2))
memset(&downname, 0, sizeof(downname));
#endif
DNS_NAME_INIT(&downname, NULL);
isc_buffer_init(&buffer, data, sizeof(data));
@ -2408,7 +2420,7 @@ dns_name_fromstring2(dns_name_t *target, const char *src,
REQUIRE(src != NULL);
isc_buffer_init(&buf, src, strlen(src));
isc_buffer_constinit(&buf, src, strlen(src));
isc_buffer_add(&buf, strlen(src));
if (BINDABLE(target) && target->buffer != NULL)
name = target;
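Review bot: The same clang-version guard and `memset()` are pasted in front of `DNS_NAME_INIT` in dns_name_matcheswildcard(), dns_name_towire() and dns_name_digest() with no comment saying what they work around. A comment at the first site naming the affected clang releases and the symptom (the commit does not state either), or a small file-local macro wrapping the guard, would keep the three copies from drifting and make it obvious when they can be dropped. All three functions extend beyond their hunks.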


@ -21,6 +21,7 @@
#include <config.h>
#include <isc/log.h>
#include <isc/string.h>
#include <isc/util.h>
@ -290,3 +291,161 @@ dns_nsec_nseconly(dns_db_t *db, dns_dbversion_t *version,
}
return (result);
}
/*%
* Return ISC_R_SUCCESS if we can determine that the name doesn't exist
* or we can determine whether there is data or not at the name.
* If the name does not exist return the wildcard name.
*
* Return ISC_R_IGNORE when the NSEC is not the appropriate one.
*/
isc_result_t
dns_nsec_noexistnodata(dns_rdatatype_t type, dns_name_t *name,
dns_name_t *nsecname, dns_rdataset_t *nsecset,
isc_boolean_t *exists, isc_boolean_t *data,
dns_name_t *wild, dns_nseclog_t logit, void *arg)
{
int order;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_result_t result;
dns_namereln_t relation;
unsigned int olabels, nlabels, labels;
dns_rdata_nsec_t nsec;
isc_boolean_t atparent;
isc_boolean_t ns;
isc_boolean_t soa;
REQUIRE(exists != NULL);
REQUIRE(data != NULL);
REQUIRE(nsecset != NULL &&
nsecset->type == dns_rdatatype_nsec);
result = dns_rdataset_first(nsecset);
if (result != ISC_R_SUCCESS) {
(*logit)(arg, ISC_LOG_DEBUG(3), "failure processing NSEC set");
return (result);
}
dns_rdataset_current(nsecset, &rdata);
(*logit)(arg, ISC_LOG_DEBUG(3), "looking for relevant nsec");
relation = dns_name_fullcompare(name, nsecname, &order, &olabels);
if (order < 0) {
/*
* The name is not within the NSEC range.
*/
(*logit)(arg, ISC_LOG_DEBUG(3),
"NSEC does not cover name, before NSEC");
return (ISC_R_IGNORE);
}
if (order == 0) {
/*
* The names are the same. If we are validating "."
* then atparent should not be set as there is no parent.
*/
atparent = (olabels != 1) && dns_rdatatype_atparent(type);
ns = dns_nsec_typepresent(&rdata, dns_rdatatype_ns);
soa = dns_nsec_typepresent(&rdata, dns_rdatatype_soa);
if (ns && !soa) {
if (!atparent) {
/*
* This NSEC record is from somewhere higher in
* the DNS, and at the parent of a delegation.
* It can not be legitimately used here.
*/
(*logit)(arg, ISC_LOG_DEBUG(3),
"ignoring parent nsec");
return (ISC_R_IGNORE);
}
} else if (atparent && ns && soa) {
/*
* This NSEC record is from the child.
* It can not be legitimately used here.
*/
(*logit)(arg, ISC_LOG_DEBUG(3),
"ignoring child nsec");
return (ISC_R_IGNORE);
}
if (type == dns_rdatatype_cname || type == dns_rdatatype_nxt ||
type == dns_rdatatype_nsec || type == dns_rdatatype_key ||
!dns_nsec_typepresent(&rdata, dns_rdatatype_cname)) {
*exists = ISC_TRUE;
*data = dns_nsec_typepresent(&rdata, type);
(*logit)(arg, ISC_LOG_DEBUG(3),
"nsec proves name exists (owner) data=%d",
*data);
return (ISC_R_SUCCESS);
}
(*logit)(arg, ISC_LOG_DEBUG(3), "NSEC proves CNAME exists");
return (ISC_R_IGNORE);
}
if (relation == dns_namereln_subdomain &&
dns_nsec_typepresent(&rdata, dns_rdatatype_ns) &&
!dns_nsec_typepresent(&rdata, dns_rdatatype_soa))
{
/*
* This NSEC record is from somewhere higher in
* the DNS, and at the parent of a delegation.
* It can not be legitimately used here.
*/
(*logit)(arg, ISC_LOG_DEBUG(3), "ignoring parent nsec");
return (ISC_R_IGNORE);
}
result = dns_rdata_tostruct(&rdata, &nsec, NULL);
if (result != ISC_R_SUCCESS)
return (result);
relation = dns_name_fullcompare(&nsec.next, name, &order, &nlabels);
if (order == 0) {
dns_rdata_freestruct(&nsec);
(*logit)(arg, ISC_LOG_DEBUG(3),
"ignoring nsec matches next name");
return (ISC_R_IGNORE);
}
if (order < 0 && !dns_name_issubdomain(nsecname, &nsec.next)) {
/*
* The name is not within the NSEC range.
*/
dns_rdata_freestruct(&nsec);
(*logit)(arg, ISC_LOG_DEBUG(3),
"ignoring nsec because name is past end of range");
return (ISC_R_IGNORE);
}
if (order > 0 && relation == dns_namereln_subdomain) {
(*logit)(arg, ISC_LOG_DEBUG(3),
"nsec proves name exist (empty)");
dns_rdata_freestruct(&nsec);
*exists = ISC_TRUE;
*data = ISC_FALSE;
return (ISC_R_SUCCESS);
}
if (wild != NULL) {
dns_name_t common;
dns_name_init(&common, NULL);
if (olabels > nlabels) {
labels = dns_name_countlabels(nsecname);
dns_name_getlabelsequence(nsecname, labels - olabels,
olabels, &common);
} else {
labels = dns_name_countlabels(&nsec.next);
dns_name_getlabelsequence(&nsec.next, labels - nlabels,
nlabels, &common);
}
result = dns_name_concatenate(dns_wildcardname, &common,
wild, NULL);
if (result != ISC_R_SUCCESS) {
dns_rdata_freestruct(&nsec);
(*logit)(arg, ISC_LOG_DEBUG(3),
"failure generating wildcard name");
return (result);
}
}
dns_rdata_freestruct(&nsec);
(*logit)(arg, ISC_LOG_DEBUG(3), "nsec range ok");
*exists = ISC_FALSE;
return (ISC_R_SUCCESS);
}
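Review bot: dns_nsec_noexistnodata() calls `(*logit)(arg, ...)` on every path but never checks the pointer, and the existing REQUIREs cover only `exists`, `data` and `nsecset`. Adding `REQUIRE(logit != NULL);` next to them turns a missing callback into a clean assertion instead of a call through a null pointer while an NSEC proof is being evaluated. The NSEC3 counterpart added later on this page invokes `logit` the same way and would need the same precondition. `name` and `nsecname` are likewise passed straight to dns_name_fullcompare(); whether that callee validates them is not visible here.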


@ -22,6 +22,7 @@
#include <isc/buffer.h>
#include <isc/hex.h>
#include <isc/iterated_hash.h>
#include <isc/log.h>
#include <isc/string.h>
#include <isc/util.h>
@ -1098,7 +1099,12 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver,
INSIST(rdata.length <= sizeof(buf));
memcpy(buf, rdata.data, rdata.length);
if (buf[0] != 0 || (buf[2] & DNS_NSEC3FLAG_REMOVE) != 0 ||
/*
* Private NSEC3 record length >= 6.
* <0(1), hash(1), flags(1), iterations(2), saltlen(1)>
*/
if (rdata.length < 6 || buf[0] != 0 ||
(buf[2] & DNS_NSEC3FLAG_REMOVE) != 0 ||
(nonsec && (buf[2] & DNS_NSEC3FLAG_NONSEC) != 0))
continue;
@ -1797,3 +1803,285 @@ dns_nsec3_maxiterations(dns_db_t *db, dns_dbversion_t *version,
dns_rdataset_disassociate(&rdataset);
return (result);
}
isc_result_t
dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name,
dns_name_t *nsec3name, dns_rdataset_t *nsec3set,
dns_name_t *zonename, isc_boolean_t *exists,
isc_boolean_t *data, isc_boolean_t *optout,
isc_boolean_t *unknown, isc_boolean_t *setclosest,
isc_boolean_t *setnearest, dns_name_t *closest,
dns_name_t *nearest, dns_nseclog_t logit, void *arg)
{
char namebuf[DNS_NAME_FORMATSIZE];
dns_fixedname_t fzone;
dns_fixedname_t qfixed;
dns_label_t hashlabel;
dns_name_t *qname;
dns_name_t *zone;
dns_rdata_nsec3_t nsec3;
dns_rdata_t rdata = DNS_RDATA_INIT;
int order;
int scope;
isc_boolean_t atparent;
isc_boolean_t first;
isc_boolean_t ns;
isc_boolean_t soa;
isc_buffer_t buffer;
isc_result_t answer = ISC_R_IGNORE;
isc_result_t result;
unsigned char hash[NSEC3_MAX_HASH_LENGTH];
unsigned char owner[NSEC3_MAX_HASH_LENGTH];
unsigned int length;
unsigned int qlabels;
unsigned int zlabels;
REQUIRE((exists == NULL && data == NULL) ||
(exists != NULL && data != NULL));
REQUIRE(nsec3set != NULL && nsec3set->type == dns_rdatatype_nsec3);
REQUIRE((setclosest == NULL && closest == NULL) ||
(setclosest != NULL && closest != NULL));
REQUIRE((setnearest == NULL && nearest == NULL) ||
(setnearest != NULL && nearest != NULL));
result = dns_rdataset_first(nsec3set);
if (result != ISC_R_SUCCESS) {
(*logit)(arg, ISC_LOG_DEBUG(3), "failure processing NSEC3 set");
return (result);
}
dns_rdataset_current(nsec3set, &rdata);
result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
if (result != ISC_R_SUCCESS)
return (result);
(*logit)(arg, ISC_LOG_DEBUG(3), "looking for relevant NSEC3");
dns_fixedname_init(&fzone);
zone = dns_fixedname_name(&fzone);
zlabels = dns_name_countlabels(nsec3name);
/*
* NSEC3 records must have two or more labels to be valid.
*/
if (zlabels < 2)
return (ISC_R_IGNORE);
/*
* Strip off the NSEC3 hash to get the zone.
*/
zlabels--;
dns_name_split(nsec3name, zlabels, NULL, zone);
/*
* If not below the zone name we can ignore this record.
*/
if (!dns_name_issubdomain(name, zone))
return (ISC_R_IGNORE);
/*
* Is this zone the same or deeper than the current zone?
*/
if (dns_name_countlabels(zonename) == 0 ||
dns_name_issubdomain(zone, zonename))
dns_name_copy(zone, zonename, NULL);
if (!dns_name_equal(zone, zonename))
return (ISC_R_IGNORE);
/*
* Are we only looking for the most enclosing zone?
*/
if (exists == NULL || data == NULL)
return (ISC_R_SUCCESS);
/*
* Only set unknown once we are sure that this NSEC3 is from
* the deepest covering zone.
*/
if (!dns_nsec3_supportedhash(nsec3.hash)) {
if (unknown != NULL)
*unknown = ISC_TRUE;
return (ISC_R_IGNORE);
}
/*
* Recover the hash from the first label.
*/
dns_name_getlabel(nsec3name, 0, &hashlabel);
isc_region_consume(&hashlabel, 1);
isc_buffer_init(&buffer, owner, sizeof(owner));
result = isc_base32hex_decoderegion(&hashlabel, &buffer);
if (result != ISC_R_SUCCESS)
return (result);
/*
* The hash lengths should match. If not ignore the record.
*/
if (isc_buffer_usedlength(&buffer) != nsec3.next_length)
return (ISC_R_IGNORE);
/*
* Work out what this NSEC3 covers.
* Inside (<0) or outside (>=0).
*/
scope = memcmp(owner, nsec3.next, nsec3.next_length);
/*
* Prepare to compute all the hashes.
*/
dns_fixedname_init(&qfixed);
qname = dns_fixedname_name(&qfixed);
dns_name_downcase(name, qname, NULL);
qlabels = dns_name_countlabels(qname);
first = ISC_TRUE;
while (qlabels >= zlabels) {
length = isc_iterated_hash(hash, nsec3.hash, nsec3.iterations,
nsec3.salt, nsec3.salt_length,
qname->ndata, qname->length);
/*
* The computed hash length should match.
*/
if (length != nsec3.next_length) {
(*logit)(arg, ISC_LOG_DEBUG(3),
"ignoring NSEC bad length %u vs %u",
length, nsec3.next_length);
return (ISC_R_IGNORE);
}
order = memcmp(hash, owner, length);
if (first && order == 0) {
/*
* The hashes are the same.
*/
atparent = dns_rdatatype_atparent(type);
ns = dns_nsec3_typepresent(&rdata, dns_rdatatype_ns);
soa = dns_nsec3_typepresent(&rdata, dns_rdatatype_soa);
if (ns && !soa) {
if (!atparent) {
/*
* This NSEC3 record is from somewhere
* higher in the DNS, and at the
* parent of a delegation. It can not
* be legitimately used here.
*/
(*logit)(arg, ISC_LOG_DEBUG(3),
"ignoring parent NSEC3");
return (ISC_R_IGNORE);
}
} else if (atparent && ns && soa) {
/*
* This NSEC3 record is from the child.
* It can not be legitimately used here.
*/
(*logit)(arg, ISC_LOG_DEBUG(3),
"ignoring child NSEC3");
return (ISC_R_IGNORE);
}
if (type == dns_rdatatype_cname ||
type == dns_rdatatype_nxt ||
type == dns_rdatatype_nsec ||
type == dns_rdatatype_key ||
!dns_nsec3_typepresent(&rdata, dns_rdatatype_cname)) {
*exists = ISC_TRUE;
*data = dns_nsec3_typepresent(&rdata, type);
(*logit)(arg, ISC_LOG_DEBUG(3),
"NSEC3 proves name exists (owner) "
"data=%d", *data);
return (ISC_R_SUCCESS);
}
(*logit)(arg, ISC_LOG_DEBUG(3),
"NSEC3 proves CNAME exists");
return (ISC_R_IGNORE);
}
if (order == 0 &&
dns_nsec3_typepresent(&rdata, dns_rdatatype_ns) &&
!dns_nsec3_typepresent(&rdata, dns_rdatatype_soa))
{
/*
* This NSEC3 record is from somewhere higher in
* the DNS, and at the parent of a delegation.
* It can not be legitimately used here.
*/
(*logit)(arg, ISC_LOG_DEBUG(3),
"ignoring parent NSEC3");
return (ISC_R_IGNORE);
}
/*
* Potential closest encloser.
*/
if (order == 0) {
if (closest != NULL &&
(dns_name_countlabels(closest) == 0 ||
dns_name_issubdomain(qname, closest)) &&
!dns_nsec3_typepresent(&rdata, dns_rdatatype_ds) &&
!dns_nsec3_typepresent(&rdata, dns_rdatatype_dname) &&
(dns_nsec3_typepresent(&rdata, dns_rdatatype_soa) ||
!dns_nsec3_typepresent(&rdata, dns_rdatatype_ns)))
{
dns_name_format(qname, namebuf,
sizeof(namebuf));
(*logit)(arg, ISC_LOG_DEBUG(3),
"NSEC3 indicates potential closest "
"encloser: '%s'", namebuf);
dns_name_copy(qname, closest, NULL);
*setclosest = ISC_TRUE;
}
dns_name_format(qname, namebuf, sizeof(namebuf));
(*logit)(arg, ISC_LOG_DEBUG(3),
"NSEC3 at super-domain %s", namebuf);
return (answer);
}
/*
* Find if the name does not exist.
*
* We continue as we need to find the name closest to the
* closest encloser that doesn't exist.
*
* We also need to continue to ensure that we are not
* proving the non-existence of a record in a sub-zone.
* If that would be the case we will return ISC_R_IGNORE
* above.
*/
if ((scope < 0 && order > 0 &&
memcmp(hash, nsec3.next, length) < 0) ||
(scope >= 0 && (order > 0 ||
memcmp(hash, nsec3.next, length) < 0)))
{
char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(qname, namebuf, sizeof(namebuf));
(*logit)(arg, ISC_LOG_DEBUG(3), "NSEC3 proves "
"name does not exist: '%s'", namebuf);
if (nearest != NULL &&
(dns_name_countlabels(nearest) == 0 ||
dns_name_issubdomain(nearest, qname))) {
dns_name_copy(qname, nearest, NULL);
*setnearest = ISC_TRUE;
}
*exists = ISC_FALSE;
*data = ISC_FALSE;
if (optout != NULL) {
if ((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0)
(*logit)(arg, ISC_LOG_DEBUG(3),
"NSEC3 indicates optout");
*optout =
ISC_TF(nsec3.flags & DNS_NSEC3FLAG_OPTOUT);
}
answer = ISC_R_SUCCESS;
}
qlabels--;
if (qlabels > 0)
dns_name_split(qname, qlabels, NULL, qname);
first = ISC_FALSE;
}
return (answer);
}


@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -533,7 +533,7 @@ dns_peer_setkeybycharp(dns_peer_t *peer, const char *keyval) {
isc_result_t result;
dns_fixedname_init(&fname);
isc_buffer_init(&b, keyval, strlen(keyval));
isc_buffer_constinit(&b, keyval, strlen(keyval));
isc_buffer_add(&b, strlen(keyval));
result = dns_name_fromtext(dns_fixedname_name(&fname), &b,
dns_rootname, 0, NULL);


@ -1537,6 +1537,8 @@ rehash(dns_rbt_t *rbt) {
return;
}
INSIST(rbt->hashsize > 0);
for (i = 0; i < rbt->hashsize; i++)
rbt->hashtable[i] = NULL;
@ -1947,6 +1949,7 @@ dns_rbt_deletefromlevel(dns_rbtnode_t *delete, dns_rbtnode_t **rootp) {
COLOR(sibling) = COLOR(parent);
MAKE_BLACK(parent);
INSIST(RIGHT(sibling) != NULL);
MAKE_BLACK(RIGHT(sibling));
rotate_left(parent, rootp);
child = *rootp;
@ -1984,6 +1987,7 @@ dns_rbt_deletefromlevel(dns_rbtnode_t *delete, dns_rbtnode_t **rootp) {
COLOR(sibling) = COLOR(parent);
MAKE_BLACK(parent);
INSIST(LEFT(sibling) != NULL);
MAKE_BLACK(LEFT(sibling));
rotate_right(parent, rootp);
child = *rootp;


@ -6224,6 +6224,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
* will do it on the LRU side, so memory
* will not leak... for long.
*/
INSIST(rbtdb->heaps != NULL);
isc_heap_insert(rbtdb->heaps[idx], newheader);
} else if (RESIGN(newheader))
resign_insert(rbtdb, idx, newheader);


@ -620,6 +620,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, dns_rdataclass_t rdclass,
void (*callback)(dns_rdatacallbacks_t *, const char *, ...);
isc_result_t tresult;
size_t length;
isc_boolean_t unknown;
REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE);
if (rdata != NULL) {
@ -647,13 +648,33 @@ dns_rdata_fromtext(dns_rdata_t *rdata, dns_rdataclass_t rdclass,
return (result);
}
if (strcmp(DNS_AS_STR(token), "\\#") == 0)
result = unknown_fromtext(rdclass, type, lexer, mctx, target);
else {
unknown = ISC_FALSE;
if (token.type == isc_tokentype_string &&
strcmp(DNS_AS_STR(token), "\\#") == 0) {
/*
* If this is a TXT record '\#' could be a escaped '#'.
* Look to see if the next token is a number and if so
* treat it as a unknown record format.
*/
if (type == dns_rdatatype_txt) {
result = isc_lex_getmastertoken(lexer, &token,
isc_tokentype_number,
ISC_FALSE);
if (result == ISC_R_SUCCESS)
isc_lex_ungettoken(lexer, &token);
}
if (result == ISC_R_SUCCESS) {
unknown = ISC_TRUE;
result = unknown_fromtext(rdclass, type, lexer,
mctx, target);
} else
options |= DNS_RDATA_UNKNOWNESCAPE;
} else
isc_lex_ungettoken(lexer, &token);
if (!unknown)
FROMTEXTSWITCH
}
/*
* Consume to end of line / file.
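Review bot: In the new `\#` branch of dns_rdata_fromtext, every failure of the look-ahead `isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)` is treated as "the `#` was escaped": the unbraced `else` sets `DNS_RDATA_UNKNOWNESCAPE`, and the failing `result` then appears to be overwritten by `FROMTEXTSWITCH`. A lexer failure that has nothing to do with the token type (end of input, resource exhaustion) would be masked and the TXT record parsed with a synthetic leading `#`. Set the option only for the "next token is not a number" result, presumably `ISC_R_BADNUMBER`, for example `else if (result == ISC_R_BADNUMBER) options |= DNS_RDATA_UNKNOWNESCAPE;`, and let any other failure skip `FROMTEXTSWITCH` so that it reaches the existing error handling. For non-TXT types the second `if (result == ISC_R_SUCCESS)` relies on `result` still holding the value from the token read before the hunk, which deserves a one-line comment. The function starts and ends outside the hunk.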


@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2007-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -38,6 +38,13 @@ fromtext_txt(ARGS_FROMTEXT) {
UNUSED(callbacks);
strings = 0;
if ((options & DNS_RDATA_UNKNOWNESCAPE) != 0) {
isc_textregion_t r;
DE_CONST("#", r.base);
r.length = 1;
RETERR(txt_fromtext(&r, target));
strings++;
}
for (;;) {
RETERR(isc_lex_getmastertoken(lexer, &token,
isc_tokentype_qstring,
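Review bot: The new `DNS_RDATA_UNKNOWNESCAPE` block at the top of fromtext_txt emits a one-byte `#` string without saying where it comes from. Someone reading this file alone cannot tell that the caller has already consumed a `\#` token that turned out not to introduce the unknown-record format. A comment above the `if` would make that cross-file dependency explicit, for example `/* The caller consumed an escaped '#' that did not start an unknown-format record; emit it as the first string. */`. The function body continues past the end of the hunk.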


@ -21,6 +21,7 @@
#include <config.h>
#include <isc/log.h>
#include <isc/platform.h>
#include <isc/print.h>
#include <isc/string.h>
@ -43,6 +44,8 @@
#include <dns/log.h>
#include <dns/message.h>
#include <dns/ncache.h>
#include <dns/nsec.h>
#include <dns/nsec3.h>
#include <dns/opcode.h>
#include <dns/peer.h>
#include <dns/rbt.h>
@ -76,7 +79,7 @@
DNS_LOGCATEGORY_RESOLVER, \
DNS_LOGMODULE_RESOLVER, \
ISC_LOG_DEBUG(3), \
"fctx %p(%s'): %s", fctx, fctx->info, (m))
"fctx %p(%s): %s", fctx, fctx->info, (m))
#define FCTXTRACE2(m1, m2) \
isc_log_write(dns_lctx, \
DNS_LOGCATEGORY_RESOLVER, \
@ -474,6 +477,9 @@ static void validated(isc_task_t *task, isc_event_t *event);
static isc_boolean_t maybe_destroy(fetchctx_t *fctx, isc_boolean_t locked);
static void add_bad(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
isc_result_t reason, badnstype_t badtype);
static inline isc_result_t findnoqname(fetchctx_t *fctx, dns_name_t *name,
dns_rdatatype_t type,
dns_name_t **noqname);
/*%
* Increment resolver-related statistics counters.
@ -4243,7 +4249,6 @@ validated(isc_task_t *task, isc_event_t *event) {
FCTXTRACE("validation OK");
if (vevent->proofs[DNS_VALIDATOR_NOQNAMEPROOF] != NULL) {
result = dns_rdataset_addnoqname(vevent->rdataset,
vevent->proofs[DNS_VALIDATOR_NOQNAMEPROOF]);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
@ -4254,6 +4259,18 @@ validated(isc_task_t *task, isc_event_t *event) {
vevent->proofs[DNS_VALIDATOR_CLOSESTENCLOSER]);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
}
} else if (vevent->rdataset->trust == dns_trust_answer &&
vevent->rdataset->type != dns_rdatatype_rrsig)
{
isc_result_t tresult;
dns_name_t *noqname = NULL;
tresult = findnoqname(fctx, vevent->name,
vevent->rdataset->type, &noqname);
if (tresult == ISC_R_SUCCESS && noqname != NULL) {
tresult = dns_rdataset_addnoqname(vevent->rdataset,
noqname);
RUNTIME_CHECK(tresult == ISC_R_SUCCESS);
}
}
/*
@ -4394,6 +4411,133 @@ validated(isc_task_t *task, isc_event_t *event) {
isc_event_free(&event);
}
static void
fctx_log(void *arg, int level, const char *fmt, ...) {
char msgbuf[2048];
va_list args;
fetchctx_t *fctx = arg;
va_start(args, fmt);
vsnprintf(msgbuf, sizeof(msgbuf), fmt, args);
va_end(args);
isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
DNS_LOGMODULE_RESOLVER, level,
"fctx %p(%s): %s", fctx, fctx->info, msgbuf);
}
static inline isc_result_t
findnoqname(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type,
dns_name_t **noqname)
{
dns_rdataset_t *nrdataset, *next, *sigrdataset;
dns_rdata_rrsig_t rrsig;
isc_result_t result;
unsigned int labels;
dns_section_t section;
dns_name_t *zonename;
dns_fixedname_t fzonename;
dns_name_t *closest;
dns_fixedname_t fclosest;
dns_name_t *nearest;
dns_fixedname_t fnearest;
FCTXTRACE("findnoqname");
REQUIRE(noqname != NULL && *noqname == NULL);
/*
* Find the SIG for this rdataset, if we have it.
*/
for (sigrdataset = ISC_LIST_HEAD(name->list);
sigrdataset != NULL;
sigrdataset = ISC_LIST_NEXT(sigrdataset, link)) {
if (sigrdataset->type == dns_rdatatype_rrsig &&
sigrdataset->covers == type)
break;
}
if (sigrdataset == NULL)
return (ISC_R_NOTFOUND);
labels = dns_name_countlabels(name);
for (result = dns_rdataset_first(sigrdataset);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(sigrdataset)) {
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_current(sigrdataset, &rdata);
result = dns_rdata_tostruct(&rdata, &rrsig, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
/* Wildcard has rrsig.labels < labels - 1. */
if (rrsig.labels + 1U >= labels)
continue;
break;
}
if (result == ISC_R_NOMORE)
return (ISC_R_NOTFOUND);
if (result != ISC_R_SUCCESS)
return (result);
dns_fixedname_init(&fzonename);
zonename = dns_fixedname_name(&fzonename);
dns_fixedname_init(&fclosest);
closest = dns_fixedname_name(&fclosest);
dns_fixedname_init(&fnearest);
nearest = dns_fixedname_name(&fnearest);
#define NXND(x) ((x) == ISC_R_SUCCESS)
section = DNS_SECTION_AUTHORITY;
for (result = dns_message_firstname(fctx->rmessage, section);
result == ISC_R_SUCCESS;
result = dns_message_nextname(fctx->rmessage, section)) {
dns_name_t *nsec = NULL;
dns_message_currentname(fctx->rmessage, section, &nsec);
for (nrdataset = ISC_LIST_HEAD(nsec->list);
nrdataset != NULL; nrdataset = next) {
isc_boolean_t data = ISC_FALSE, exists = ISC_FALSE;
isc_boolean_t optout = ISC_FALSE, unknown = ISC_FALSE;
isc_boolean_t setclosest = ISC_FALSE;
isc_boolean_t setnearest = ISC_FALSE;
char namebuf[DNS_NAME_FORMATSIZE];
next = ISC_LIST_NEXT(nrdataset, link);
if (nrdataset->type != dns_rdatatype_nsec &&
nrdataset->type != dns_rdatatype_nsec3)
continue;
dns_name_format(nsec, namebuf, sizeof(namebuf));
if (nrdataset->type == dns_rdatatype_nsec &&
NXND(dns_nsec_noexistnodata(type, name, nsec,
nrdataset, &exists,
&data, NULL, fctx_log,
fctx)))
{
if (!exists)
*noqname = nsec;
}
if (nrdataset->type == dns_rdatatype_nsec3 &&
NXND(dns_nsec3_noexistnodata(type, name, nsec,
nrdataset, zonename,
&exists, &data,
&optout, &unknown,
&setclosest,
&setnearest,
closest, nearest,
fctx_log, fctx)))
{
if (!exists && setnearest)
*noqname = nsec;
}
}
}
if (result == ISC_R_NOMORE)
result = ISC_R_SUCCESS;
return (result);
}
static inline isc_result_t
cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
isc_stdtime_t now)
@ -4526,6 +4670,17 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
if (rdataset->ttl > res->view->maxcachettl)
rdataset->ttl = res->view->maxcachettl;
/*
* Find the SIG for this rdataset, if we have it.
*/
for (sigrdataset = ISC_LIST_HEAD(name->list);
sigrdataset != NULL;
sigrdataset = ISC_LIST_NEXT(sigrdataset, link)) {
if (sigrdataset->type == dns_rdatatype_rrsig &&
sigrdataset->covers == rdataset->type)
break;
}
/*
* If this RRset is in a secure domain, is in bailiwick,
* and is not glue, attempt DNSSEC validation. (We do not
@ -4546,16 +4701,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
*/
if (rdataset->type == dns_rdatatype_rrsig)
continue;
/*
* Find the SIG for this rdataset, if we have it.
*/
for (sigrdataset = ISC_LIST_HEAD(name->list);
sigrdataset != NULL;
sigrdataset = ISC_LIST_NEXT(sigrdataset, link)) {
if (sigrdataset->type == dns_rdatatype_rrsig &&
sigrdataset->covers == rdataset->type)
break;
}
if (sigrdataset == NULL) {
if (!ANSWER(rdataset) && need_validation) {
/*
@ -4716,6 +4862,21 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
options = DNS_DBADD_FORCE;
} else
options = 0;
if (ANSWER(rdataset) &&
rdataset->type != dns_rdatatype_rrsig) {
isc_result_t tresult;
dns_name_t *noqname = NULL;
tresult = findnoqname(fctx, name,
rdataset->type, &noqname);
if (tresult == ISC_R_SUCCESS &&
noqname != NULL) {
tresult = dns_rdataset_addnoqname(
rdataset, noqname);
RUNTIME_CHECK(tresult == ISC_R_SUCCESS);
}
}
/*
* Now we can add the rdataset.
*/
@ -4724,6 +4885,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
rdataset,
options,
addedrdataset);
if (result == DNS_R_UNCHANGED) {
if (ANSWER(rdataset) &&
ardataset != NULL &&
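Review bot: `RUNTIME_CHECK(tresult == ISC_R_SUCCESS)` after `dns_rdataset_addnoqname()` aborts the process on any failure, both in the new `trust == dns_trust_answer` branch of validated() and in the new `ANSWER(rdataset)` block of cache_name(). The `noqname` passed in is a name that findnoqname() picks from the authority section of the received response (`fctx->rmessage`), for answers that were not validated. findnoqname() checks only that the name carries an NSEC or NSEC3 rdataset and that the nonexistence helper returned success; if dns_rdataset_addnoqname() requires anything more of that name (its body is not visible here), data supplied by a remote server decides whether the assertion holds. The proof is optional for these answers, so drop the assertion and continue: `if (tresult != ISC_R_SUCCESS) FCTXTRACE("addnoqname failed");`, ideally with a regression test that uses an incompletely signed authority section. validated() and cache_name() both start and end outside their hunks.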
