diff --git a/CHANGES b/CHANGES index 3996b7e4be..0ea9598bbd 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,50 @@ +3449. [bug] gen.c: use the pre-processor to construct format + strings so that compiler can perform sanity checks; + check the snprintf results. [RT #17576] + +3448. [bug] The allow-query-on ACL was not processed correctly. + [RT #29486] + +3447. [port] Add support for libxml2-2.9.x [RT #32231] + +3446. [port] win32: Add source ID (see change #3400) to build. + [RT #31683] + +3445. [bug] Reject zone files with blank owner names immediately + after $ORIGIN directives. [RT #31848] + +3444. [bug] The NOQNAME proof was not being returned from cached + insecure responses. [RT #21409] + +3443. [bug] ddns-confgen: Some TSIG algorithms were incorrectly + rejected when generating keys. [RT #31927] + +3442. [port] Net::DNS 0.69 introduced a non backwards compatible + change. [RT #32216] + +3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13. + +3440. [bug] Reorder get_key_struct to not trigger a assertion when + cleaning up due to out of memory error. [RT #32131] + +3439. [bug] contrib/dlz error checking fixes. [RT #32102] + +3438. [bug] Don't accept unknown data escape in quotes. [RT #32031] + +3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialise + buffers with constant data. [RT #32064] + +3436. [bug] Check malloc/calloc return values. [RT #32088] + +3435. [bug] Cross compilation support in configure was broken. + [RT #32078] + +3431. [bug] ddns-confgen: Some valid key algorithms were + not accepted. [RT #31927] + +3430. [bug] win32: isc_time_formatISO8601 was missing the + 'T' between the date and time. [RT #32044] + 3429. [bug] dns_zone_getserial2 could a return success without returning a valid serial. [RT #32007] diff --git a/COPYRIGHT b/COPYRIGHT index fa32867931..525c2228db 100644 --- a/COPYRIGHT +++ b/COPYRIGHT 
@@ -1,4 +1,4 @@ -Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") +Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") Copyright (C) 1996-2003 Internet Software Consortium. Permission to use, copy, modify, and/or distribute this software for any diff --git a/bin/check/check-tool.c b/bin/check/check-tool.c index 436fa683d1..1e534071d0 100644 --- a/bin/check/check-tool.c +++ b/bin/check/check-tool.c @@ -600,7 +600,7 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename, dns_zone_settype(zone, dns_zone_master); - isc_buffer_init(&buffer, zonename, strlen(zonename)); + isc_buffer_constinit(&buffer, zonename, strlen(zonename)); isc_buffer_add(&buffer, strlen(zonename)); dns_fixedname_init(&fixorigin); origin = dns_fixedname_name(&fixorigin); diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c index a5db317700..787a93f1a7 100644 --- a/bin/confgen/keygen.c +++ b/bin/confgen/keygen.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -126,6 +126,7 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg, switch (alg) { case DST_ALG_HMACMD5: + case DST_ALG_HMACSHA512: if (keysize < 1 || keysize > 512) fatal("keysize %d out of range (must be 1-512)\n", keysize); 
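Review bot: The key-size checks in generate_key's switch accept any size from 1 bit upward, and this commit repeats that lower bound for HMAC-SHA512 (this hunk, at -126) and for HMAC-SHA1, -SHA224 and -SHA384 (the next hunk, at -135). A TSIG key much shorter than the digest output gives correspondingly little protection, so the tool will generate a very weak key if asked to. Consider warning when keysize is below the digest length, or at least record the choice in a comment such as `/* lower bound of 1 is kept for compatibility; keys shorter than the digest length weaken the HMAC (RFC 2104, section 3) */`. The function body extends beyond both hunks.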
@@ -135,6 +136,21 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg, fatal("keysize %d out of range (must be 1-256)\n", keysize); break; + case DST_ALG_HMACSHA1: + if (keysize < 1 || keysize > 160) + fatal("keysize %d out of range (must be 1-160)\n", + keysize); + break; + case DST_ALG_HMACSHA224: + if (keysize < 1 || keysize > 224) + fatal("keysize %d out of range (must be 1-224)\n", + keysize); + break; + case DST_ALG_HMACSHA384: + if (keysize < 1 || keysize > 384) + fatal("keysize %d out of range (must be 1-384)\n", + keysize); + break; default: fatal("unsupported algorithm %d\n", alg); } diff --git a/bin/dig/dig.c b/bin/dig/dig.c index cbe3705963..203ed4eb94 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -259,7 +259,7 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) { time(&tnow); tmnow = *localtime(&tnow); if (strftime(time_str, sizeof(time_str), - "%a %b %d %T %Z %Y", &tmnow) > 0) + "%a %b %d %T %Z %Y", &tmnow) > 0U) printf(";; WHEN: %s\n", time_str); if (query->lookup->doing_xfr) { printf(";; XFR size: %u records (messages %u, " diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index 7030683612..4965a661b3 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -720,6 +720,8 @@ hashlist_add(hashlist_t *l, const unsigned char *hash, size_t len) if (l->entries == l->size) { l->size = l->size * 2 + 100; l->hashbuf = realloc(l->hashbuf, l->size * l->length); + if (l->hashbuf == NULL) + fatal("unable to grow hashlist: out of memory"); } memset(l->hashbuf + l->entries * l->length, 0, l->length); memcpy(l->hashbuf + l->entries * l->length, hash, len); diff --git a/bin/named/client.c b/bin/named/client.c index 0cf08b4997..933abc7631 100644 --- a/bin/named/client.c +++ b/bin/named/client.c 
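Review bot: In hashlist_add the added NULL check covers allocation failure, but the size passed to realloc(), `l->size * l->length`, and the growth step `l->size * 2 + 100` are still computed without an overflow check. If either wrapped, the memset/memcpy that follow would write past a buffer smaller than expected. The field types are not visible here, so this may only matter on 32-bit builds with very large zones; a guard before the realloc, e.g. `if (l->size > SIZE_MAX / l->length) fatal("hashlist too large");`, would make the limit explicit. The memcpy also copies `len` bytes into a slot of `l->length` bytes, so any check that len <= l->length must sit in the part of the function outside this hunk.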
@@ -2510,10 +2510,10 @@ ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, return (ISC_R_SUCCESS); cleanup_listlock: - isc_mutex_destroy(&manager->listlock); + (void) isc_mutex_destroy(&manager->listlock); cleanup_lock: - isc_mutex_destroy(&manager->lock); + (void) isc_mutex_destroy(&manager->lock); cleanup_manager: isc_mem_put(manager->mctx, manager, sizeof(*manager)); diff --git a/bin/named/config.c b/bin/named/config.c index 4c44201274..5626e118ef 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -657,7 +657,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, dns_name_init(keys[i - 1], NULL); keystr = cfg_obj_asstring(key); - isc_buffer_init(&b, keystr, strlen(keystr)); + isc_buffer_constinit(&b, keystr, strlen(keystr)); isc_buffer_add(&b, strlen(keystr)); dns_fixedname_init(&fname); result = dns_name_fromtext(dns_fixedname_name(&fname), &b, diff --git a/bin/named/lwresd.c b/bin/named/lwresd.c index 11198a4324..7ee2196364 100644 --- a/bin/named/lwresd.c +++ b/bin/named/lwresd.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -368,7 +368,7 @@ ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres, dns_fixedname_init(&fname); name = dns_fixedname_name(&fname); - isc_buffer_init(&namebuf, searchstr, + isc_buffer_constinit(&namebuf, searchstr, strlen(searchstr)); isc_buffer_add(&namebuf, strlen(searchstr)); result = dns_name_fromtext(name, &namebuf, diff --git a/bin/named/query.c b/bin/named/query.c index e1ff03287f..0e6cbf0d84 100644 --- a/bin/named/query.c +++ b/bin/named/query.c 
@@ -682,7 +682,7 @@ query_validatezonedb(ns_client_t *client, dns_name_t *name, dns_dbversion_t **versionp) { isc_result_t result; - dns_acl_t *queryacl; + dns_acl_t *queryacl, *queryonacl; ns_dbversion_t *dbversion; REQUIRE(zone != NULL); @@ -794,6 +794,21 @@ query_validatezonedb(ns_client_t *client, dns_name_t *name, client->query.attributes |= NS_QUERYATTR_QUERYOKVALID; } + /* If and only if we've gotten this far, check allow-query-on too */ + if (result == ISC_R_SUCCESS) { + queryonacl = dns_zone_getqueryonacl(zone); + if (queryonacl == NULL) + queryonacl = client->view->queryonacl; + + result = ns_client_checkaclsilent(client, NULL, + queryonacl, ISC_TRUE); + if ((options & DNS_GETDB_NOLOG) == 0 && + result != ISC_R_SUCCESS) + ns_client_log(client, DNS_LOGCATEGORY_SECURITY, + NS_LOGMODULE_QUERY, ISC_LOG_INFO, + "query-on denied"); + } + dbversion->acl_checked = ISC_TRUE; if (result != ISC_R_SUCCESS) { dbversion->queryok = ISC_FALSE; @@ -4211,6 +4226,8 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef, dns_clientinfomethods_t cm; dns_clientinfo_t ci; + REQUIRE(nodep != NULL); + dns_clientinfomethods_init(&cm, ns_client_sourceip); dns_clientinfo_init(&ci, client); diff --git a/bin/named/server.c b/bin/named/server.c index fca62ebbc6..526d3e5fed 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -523,7 +523,7 @@ configure_view_nametable(const cfg_obj_t *vconfig, const cfg_obj_t *config, element = cfg_list_next(element)) { nameobj = cfg_listelt_value(element); str = cfg_obj_asstring(nameobj); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL)); /* 
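Review bot: The new allow-query-on check in query_validatezonedb passes `NULL` as the address argument to `ns_client_checkaclsilent()`. That helper is not shown here; if NULL makes it fall back to the client's source address, then allow-query-on is matched against the peer rather than the local address the query arrived on, and the ACL does not restrict by interface as its name promises. Confirm the helper's NULL behaviour and pass the destination address explicitly, e.g. `result = ns_client_checkaclsilent(client, &client->destaddr, queryonacl, ISC_TRUE);` if that is the field holding it. The denial log line `"query-on denied"` would also serve an operator better with the zone name in it. The function body starts and ends outside the hunk.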
@@ -640,7 +640,7 @@ dstkey_fromconfig(const cfg_obj_t *vconfig, const cfg_obj_t *key, keystruct.common.rdtype, &keystruct, &rrdatabuf)); dns_fixedname_init(&fkeyname); - isc_buffer_init(&namebuf, keynamestr, strlen(keynamestr)); + isc_buffer_constinit(&namebuf, keynamestr, strlen(keynamestr)); isc_buffer_add(&namebuf, strlen(keynamestr)); CHECK(dns_name_fromtext(keyname, &namebuf, dns_rootname, 0, NULL)); CHECK(dst_key_fromdns(keyname, viewclass, &rrdatabuf, @@ -910,7 +910,7 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver) { { obj = cfg_listelt_value(element); str = cfg_obj_asstring(cfg_tuple_get(obj, "name")); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL)); value = cfg_obj_asboolean(cfg_tuple_get(obj, "value")); @@ -1063,7 +1063,7 @@ configure_order(dns_order_t *order, const cfg_obj_t *ent) { else str = "*"; addroot = ISC_TF(strcmp(str, "*") == 0); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); dns_fixedname_init(&fixed); result = dns_name_fromtext(dns_fixedname_name(&fixed), &b, @@ -1249,7 +1249,7 @@ disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) { dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); str = cfg_obj_asstring(cfg_tuple_get(disabled, "name")); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL)); @@ -1301,7 +1301,7 @@ on_disable_list(const cfg_obj_t *disablelist, dns_name_t *zonename) { { value = cfg_listelt_value(element); str = cfg_obj_asstring(value); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL); 
@@ -1485,7 +1485,7 @@ dns64_reverse(dns_view_t *view, isc_mem_t *mctx, isc_netaddr_t *na, dns64_dbtype[3] = contact; dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); - isc_buffer_init(&b, reverse, strlen(reverse)); + isc_buffer_constinit(&b, reverse, strlen(reverse)); isc_buffer_add(&b, strlen(reverse)); CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL)); CHECK(dns_zone_create(&zone, mctx)); @@ -2734,7 +2734,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, obj = cfg_listelt_value(element); str = cfg_obj_asstring(cfg_tuple_get(obj, "trust-anchor")); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); dlv = dns_fixedname_name(&view->dlv_fixed); CHECK(dns_name_fromtext(dlv, &b, dns_rootname, @@ -2787,7 +2787,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, element = cfg_list_next(element)) { exclude = cfg_listelt_value(element); str = cfg_obj_asstring(exclude); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL)); @@ -2837,7 +2837,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, result = ns_config_get(maps, "empty-server", &obj); if (result == ISC_R_SUCCESS) { str = cfg_obj_asstring(obj); - isc_buffer_init(&buffer, str, strlen(str)); + isc_buffer_constinit(&buffer, str, strlen(str)); isc_buffer_add(&buffer, strlen(str)); CHECK(dns_name_fromtext(name, &buffer, dns_rootname, 0, NULL)); 
@@ -2852,7 +2852,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, result = ns_config_get(maps, "empty-contact", &obj); if (result == ISC_R_SUCCESS) { str = cfg_obj_asstring(obj); - isc_buffer_init(&buffer, str, strlen(str)); + isc_buffer_constinit(&buffer, str, strlen(str)); isc_buffer_add(&buffer, strlen(str)); CHECK(dns_name_fromtext(name, &buffer, dns_rootname, 0, NULL)); @@ -2875,7 +2875,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, dns_forwarders_t *forwarders = NULL; dns_view_t *pview = NULL; - isc_buffer_init(&buffer, empty, strlen(empty)); + isc_buffer_constinit(&buffer, empty, strlen(empty)); isc_buffer_add(&buffer, strlen(empty)); /* * Look for zone on drop list. @@ -3102,7 +3102,7 @@ configure_alternates(const cfg_obj_t *config, dns_view_t *view, isc_buffer_t buffer; in_port_t myport = port; - isc_buffer_init(&buffer, str, strlen(str)); + isc_buffer_constinit(&buffer, str, strlen(str)); isc_buffer_add(&buffer, strlen(str)); dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); @@ -3366,7 +3366,7 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, * Get the zone origin as a dns_name_t. */ zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name")); - isc_buffer_init(&buffer, zname, strlen(zname)); + isc_buffer_constinit(&buffer, zname, strlen(zname)); isc_buffer_add(&buffer, strlen(zname)); dns_fixedname_init(&fixorigin); CHECK(dns_name_fromtext(dns_fixedname_name(&fixorigin), @@ -4256,7 +4256,7 @@ configure_session_key(const cfg_obj_t **maps, ns_server_t *server, INSIST(result == ISC_R_SUCCESS); keynamestr = cfg_obj_asstring(obj); dns_fixedname_init(&fname); - isc_buffer_init(&buffer, keynamestr, strlen(keynamestr)); + isc_buffer_constinit(&buffer, keynamestr, strlen(keynamestr)); isc_buffer_add(&buffer, strlen(keynamestr)); keyname = dns_fixedname_name(&fname); result = dns_name_fromtext(keyname, &buffer, dns_rootname, 0, NULL); 
@@ -6076,7 +6076,7 @@ zone_from_args(ns_server_t *server, char *args, const char *zonetxt, viewtxt = next_token(&input, " \t"); } - isc_buffer_init(&buf, zonetxt, strlen(zonetxt)); + isc_buffer_constinit(&buf, zonetxt, strlen(zonetxt)); isc_buffer_add(&buf, strlen(zonetxt)); dns_fixedname_init(&name); result = dns_name_fromtext(dns_fixedname_name(&name), @@ -7013,7 +7013,7 @@ ns_server_flushnode(ns_server_t *server, char *args, isc_boolean_t tree) { if (target == NULL) return (ISC_R_UNEXPECTEDEND); - isc_buffer_init(&b, target, strlen(target)); + isc_buffer_constinit(&b, target, strlen(target)); isc_buffer_add(&b, strlen(target)); dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); @@ -7686,7 +7686,7 @@ ns_server_add_zone(ns_server_t *server, char *args) { CHECK(cfg_map_get(config, "addzone", &parms)); zonename = cfg_obj_asstring(cfg_tuple_get(parms, "name")); - isc_buffer_init(&buf, zonename, strlen(zonename)); + isc_buffer_constinit(&buf, zonename, strlen(zonename)); isc_buffer_add(&buf, strlen(zonename)); dns_name_init(&dnsname, NULL); isc_buffer_allocate(server->mctx, &nbuf, 256); diff --git a/bin/named/tkeyconf.c b/bin/named/tkeyconf.c index 6d852a0871..e9520592dc 100644 --- a/bin/named/tkeyconf.c +++ b/bin/named/tkeyconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -73,7 +73,7 @@ ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx, if (result == ISC_R_SUCCESS) { s = cfg_obj_asstring(cfg_tuple_get(obj, "name")); n = cfg_obj_asuint32(cfg_tuple_get(obj, "keyid")); - isc_buffer_init(&b, s, strlen(s)); + isc_buffer_constinit(&b, s, strlen(s)); isc_buffer_add(&b, strlen(s)); dns_fixedname_init(&fname); name = dns_fixedname_name(&fname); 
@@ -87,7 +87,7 @@ ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx, result = cfg_map_get(options, "tkey-domain", &obj); if (result == ISC_R_SUCCESS) { s = cfg_obj_asstring(obj); - isc_buffer_init(&b, s, strlen(s)); + isc_buffer_constinit(&b, s, strlen(s)); isc_buffer_add(&b, strlen(s)); dns_fixedname_init(&fname); name = dns_fixedname_name(&fname); @@ -106,7 +106,7 @@ ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx, if (result == ISC_R_SUCCESS) { s = cfg_obj_asstring(obj); - isc_buffer_init(&b, s, strlen(s)); + isc_buffer_constinit(&b, s, strlen(s)); isc_buffer_add(&b, strlen(s)); dns_fixedname_init(&fname); name = dns_fixedname_name(&fname); diff --git a/bin/named/tsigconf.c b/bin/named/tsigconf.c index 776b1b9f83..eef87e9304 100644 --- a/bin/named/tsigconf.c +++ b/bin/named/tsigconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -78,7 +78,7 @@ add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring, * Create the key name. */ dns_name_init(&keyname, NULL); - isc_buffer_init(&keynamesrc, keyid, strlen(keyid)); + isc_buffer_constinit(&keynamesrc, keyid, strlen(keyid)); isc_buffer_add(&keynamesrc, strlen(keyid)); isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata)); ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname, diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index e31ae7fccb..65f2d6c48d 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -56,6 +56,7 @@ typedef enum { allow_notify, allow_query, + allow_query_on, allow_transfer, allow_update, allow_update_forwarding 
@@ -104,6 +105,11 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig, aclp = &view->queryacl; aclname = "allow-query"; break; + case allow_query_on: + if (view != NULL) + aclp = &view->queryonacl; + aclname = "allow-query-on"; + break; case allow_transfer: if (view != NULL) aclp = &view->transferacl; @@ -269,7 +275,7 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone, dns_fixedname_init(&fident); str = cfg_obj_asstring(identity); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); result = dns_name_fromtext(dns_fixedname_name(&fident), &b, dns_rootname, 0, NULL); @@ -292,7 +298,7 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone, } } else { str = cfg_obj_asstring(dname); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); result = dns_name_fromtext(dns_fixedname_name(&fname), &b, dns_rootname, 0, NULL); @@ -525,7 +531,7 @@ configure_staticstub_servernames(const cfg_obj_t *zconfig, dns_zone_t *zone, dns_fixedname_init(&fixed_name); nsname = dns_fixedname_name(&fixed_name); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); result = dns_name_fromtext(nsname, &b, dns_rootname, 0, NULL); if (result != ISC_R_SUCCESS) { @@ -970,6 +976,11 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, dns_zone_setqueryacl, dns_zone_clearqueryacl)); + RETERR(configure_zone_acl(zconfig, vconfig, config, + allow_query_on, ac, zone, + dns_zone_setqueryonacl, + dns_zone_clearqueryonacl)); + obj = NULL; result = ns_config_get(maps, "dialup", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); diff --git a/bin/python/Makefile.in b/bin/python/Makefile.in index 3b3e6f7a42..fe647fdde7 100644 --- a/bin/python/Makefile.in +++ b/bin/python/Makefile.in 
@@ -1,4 +1,4 @@ -# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -12,6 +12,8 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. +# $Id$ + srcdir = @srcdir@ VPATH = @srcdir@ top_srcdir = @top_srcdir@ diff --git a/bin/python/dnssec-checkds.docbook b/bin/python/dnssec-checkds.docbook index 6f3dfc4023..3ba044d7d9 100644 --- a/bin/python/dnssec-checkds.docbook +++ b/bin/python/dnssec-checkds.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []> + + April 11, 2012 @@ -36,6 +38,7 @@ 2012 + 2013 Internet Systems Consortium, Inc. ("ISC") diff --git a/bin/python/dnssec-checkds.py.in b/bin/python/dnssec-checkds.py.in index ebdb885b38..ffb2f98011 100644 --- a/bin/python/dnssec-checkds.py.in +++ b/bin/python/dnssec-checkds.py.in @@ -1,6 +1,6 @@ #!@PYTHON@ ############################################################################ -# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -15,6 +15,8 @@ # PERFORMANCE OF THIS SOFTWARE. ############################################################################ +# $Id$ + import argparse import pprint import os diff --git a/bin/tests/adb_test.c b/bin/tests/adb_test.c index 584a732508..2caf43bf64 100644 --- a/bin/tests/adb_test.c +++ b/bin/tests/adb_test.c 
@@ -245,7 +245,7 @@ lookup(const char *target) { INSIST(target != NULL); client = new_client(); - isc_buffer_init(&t, target, strlen(target)); + isc_buffer_constinit(&t, target, strlen(target)); isc_buffer_add(&t, strlen(target)); isc_buffer_init(&namebuf, namedata, sizeof(namedata)); dns_name_init(&name, NULL); diff --git a/bin/tests/db/t_db.c b/bin/tests/db/t_db.c index 54ef5a647d..e30739db30 100644 --- a/bin/tests/db/t_db.c +++ b/bin/tests/db/t_db.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -58,7 +58,7 @@ t_create(const char *db_type, const char *origin, const char *class, dns_fixedname_init(&dns_origin); len = strlen(origin); - isc_buffer_init(&origin_buffer, origin, len); + isc_buffer_constinit(&origin_buffer, origin, len); isc_buffer_add(&origin_buffer, len); dns_result = dns_name_fromtext(dns_fixedname_name(&dns_origin), &origin_buffer, NULL, 0, NULL); diff --git a/bin/tests/db_test.c b/bin/tests/db_test.c index 9019ca53fe..d72bf4f313 100644 --- a/bin/tests/db_test.c +++ b/bin/tests/db_test.c @@ -261,7 +261,7 @@ load(const char *filename, const char *origintext, isc_boolean_t cache) { ISC_LINK_INIT(dbi, link); len = strlen(origintext); - isc_buffer_init(&source, origintext, len); + isc_buffer_constinit(&source, origintext, len); isc_buffer_add(&source, len); dns_fixedname_init(&forigin); origin = dns_fixedname_name(&forigin); diff --git a/bin/tests/dst/dst_test.c b/bin/tests/dst/dst_test.c index ac1327c99f..bf305d8675 100644 --- a/bin/tests/dst/dst_test.c +++ b/bin/tests/dst/dst_test.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -54,7 +54,7 @@ use(dst_key_t *key, isc_mem_t *mctx) { */ isc_buffer_add(&sigbuf, 1); - isc_buffer_init(&databuf, data, strlen(data)); + isc_buffer_constinit(&databuf, data, strlen(data)); isc_buffer_add(&databuf, strlen(data)); isc_buffer_usedregion(&databuf, &datareg); @@ -262,7 +262,7 @@ main(void) { dns_fixedname_init(&fname); name = dns_fixedname_name(&fname); - isc_buffer_init(&b, "test.", 5); + isc_buffer_constinit(&b, "test.", 5); isc_buffer_add(&b, 5); result = dns_name_fromtext(name, &b, NULL, 0, NULL); if (result != ISC_R_SUCCESS) @@ -274,7 +274,7 @@ main(void) { io(name, 49667, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx); io(name, 2, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx); - isc_buffer_init(&b, "dh.", 3); + isc_buffer_constinit(&b, "dh.", 3); isc_buffer_add(&b, 3); result = dns_name_fromtext(name, &b, NULL, 0, NULL); if (result != ISC_R_SUCCESS) diff --git a/bin/tests/dst/t_dst.c b/bin/tests/dst/t_dst.c index 75a2a40ff1..e431c951bb 100644 --- a/bin/tests/dst/t_dst.c +++ b/bin/tests/dst/t_dst.c @@ -104,7 +104,7 @@ use(dst_key_t *key, isc_mem_t *mctx, isc_result_t exp_result, int *nfails) { dst_context_t *ctx = NULL; isc_buffer_init(&sigbuf, sig, sizeof(sig)); - isc_buffer_init(&databuf, data, strlen(data)); + isc_buffer_constinit(&databuf, data, strlen(data)); isc_buffer_add(&databuf, strlen(data)); isc_buffer_usedregion(&databuf, &datareg); 
@@ -466,7 +466,7 @@ t1(void) { dns_fixedname_init(&fname); name = dns_fixedname_name(&fname); - isc_buffer_init(&b, "test.", 5); + isc_buffer_constinit(&b, "test.", 5); isc_buffer_add(&b, 5); isc_result = dns_name_fromtext(name, &b, NULL, 0, NULL); if (isc_result != ISC_R_SUCCESS) { @@ -488,7 +488,7 @@ t1(void) { io(name, 2, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx, DST_R_NULLKEY, &nfails, &nprobs); - isc_buffer_init(&b, "dh.", 3); + isc_buffer_constinit(&b, "dh.", 3); isc_buffer_add(&b, 3); isc_result = dns_name_fromtext(name, &b, NULL, 0, NULL); if (isc_result != ISC_R_SUCCESS) { @@ -750,7 +750,7 @@ t2_sigchk(char *datapath, char *sigpath, char *keyname, */ dns_fixedname_init(&fname); name = dns_fixedname_name(&fname); - isc_buffer_init(&b, keyname, strlen(keyname)); + isc_buffer_constinit(&b, keyname, strlen(keyname)); isc_buffer_add(&b, strlen(keyname)); isc_result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL); if (isc_result != ISC_R_SUCCESS) { diff --git a/bin/tests/names/t_names.c b/bin/tests/names/t_names.c index 5271d8929f..a0b3f89de1 100644 --- a/bin/tests/names/t_names.c +++ b/bin/tests/names/t_names.c @@ -2194,7 +2194,8 @@ static const char *a52 = static int test_dns_name_towire(char *testname, unsigned int dc_method, char *exp_data, - int exp_data_len, isc_result_t exp_result, size_t buflen) + size_t exp_data_len, isc_result_t exp_result, + size_t buflen) { int result; int val; @@ -2263,6 +2264,7 @@ t_dns_name_towire_x(const char *testfile, size_t buflen) { int result; unsigned int dc_method; isc_result_t exp_result; + size_t exp_data_len; char *p; FILE *fp; @@ -2292,11 +2294,12 @@ t_dns_name_towire_x(const char *testfile, size_t buflen) { dc_method = t_dc_method_fromtext(Tokens[3]); exp_result = t_dns_result_fromtext(Tokens[4]); + exp_data_len = strtoul(Tokens[3], NULL, 10); result = test_dns_name_towire(Tokens[0], dc_method, Tokens[2], - atoi(Tokens[3]), + exp_data_len, exp_result, buflen); } else { 
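Review bot: In t_dns_name_towire_x, `exp_data_len = strtoul(Tokens[3], NULL, 10);` replaces atoi() but still ignores conversion failure: with a NULL end pointer a non-numeric token silently becomes 0, and an out-of-range one becomes ULONG_MAX. Pass an end pointer and reject the test line when nothing was consumed, e.g. `exp_data_len = strtoul(Tokens[3], &end, 10);` followed by `if (end == Tokens[3] || *end != '\0') { /* report bad test line */ }`. The same token, Tokens[3], is also fed to t_dc_method_fromtext() two lines earlier, which looks unintended unless the test-file format overloads that field; it deserves a comment either way. The function continues outside the hunk.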
diff --git a/bin/tests/sig0_test.c b/bin/tests/sig0_test.c index 296356af76..deabf47c16 100644 --- a/bin/tests/sig0_test.c +++ b/bin/tests/sig0_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -261,7 +261,7 @@ main(int argc, char *argv[]) { dns_fixedname_init(&fname); name = dns_fixedname_name(&fname); - isc_buffer_init(&b, "child.example.", strlen("child.example.")); + isc_buffer_constinit(&b, "child.example.", strlen("child.example.")); isc_buffer_add(&b, strlen("child.example.")); result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL); CHECK("dns_name_fromtext", result); diff --git a/bin/tests/system/allow_query/ns2/named57.conf b/bin/tests/system/allow_query/ns2/named57.conf new file mode 100644 index 0000000000..ac0f04d626 --- /dev/null +++ b/bin/tests/system/allow_query/ns2/named57.conf 
@@ -0,0 +1,47 @@ +/* + * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +controls { /* empty */ }; + +options { + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.2; }; + listen-on-v6 { none; }; + recursion no; +}; + +include "../../common/controls.conf"; + +view "internal" { + allow-query-on { any; }; + + zone "." { + type hint; + file "../../common/root.hint"; + }; + + zone "normal.example" { + type master; + file "normal.db"; + }; + + zone "aclnotallow.example" { + type master; + file "aclnotallow.db"; + allow-query-on { none; }; + }; +}; diff --git a/bin/tests/system/allow_query/tests.sh b/bin/tests/system/allow_query/tests.sh index 4121ec06f0..26351d2768 100644 --- a/bin/tests/system/allow_query/tests.sh +++ b/bin/tests/system/allow_query/tests.sh 
@@ -612,6 +612,23 @@ grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +# Test 57 - zones over views, zones disallow, query refused (allow-query-on) +n=`expr $n + 1` +cp -f ns2/named57.conf ns2/named.conf +$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' +sleep 5 + +echo "I:test $n: zones over views, allow-query-on" +ret=0 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.1.$n || ret=1 +grep 'status: NOERROR' dig.out.ns2.1.$n > /dev/null || ret=1 +grep '^a.normal.example' dig.out.ns2.1.$n > /dev/null || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a > dig.out.ns2.2.$n || ret=1 +grep 'status: REFUSED' dig.out.ns2.2.$n > /dev/null || ret=1 +grep '^a.aclnotallow.example' dig.out.ns2.2.$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/ans.pl b/bin/tests/system/ans.pl index 2b078a666c..d6ff3c286b 100644 --- a/bin/tests/system/ans.pl +++ b/bin/tests/system/ans.pl @@ -107,9 +107,16 @@ $SIG{TERM} = \&rmpid; my @rules; sub handleUDP { my ($buf) = @_; + my $request; - my ($request, $err) = new Net::DNS::Packet(\$buf, 0); - $err and die $err; + if ($Net::DNS::VERSION > 0.68) { + $request = new Net::DNS::Packet(\$buf, 0); + $@ and die $@; + } else { + my $err; + ($request, $err) = new Net::DNS::Packet(\$buf, 0); + $err and die $err; + } my @questions = $request->question; my $qname = $questions[0]->qname; 
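Review bot: Test 57 cannot tell whether allow-query-on is matched against the destination or the source address: named57.conf uses only `any` and `none`, and both dig calls use `-b 10.53.0.2` towards `@10.53.0.2`, so the two addresses are identical. Add a zone whose ACL names a specific listener address and query it from a different source address, so that a source-address match would fail the test. The fixed `sleep 5` after `rndc reload` is also timing-dependent; a bounded retry loop like the one the autosign test gains in this commit would be more robust.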
@@ -155,11 +162,13 @@ sub handleUDP { # function will attempt to decrement it, # which is incorrect in a response. Finally # we set request_mac to the previous digest. - $packet->{"compnames"} = {}; - $packet->{"header"}{"arcount"} += 1; + $packet->{"compnames"} = {} + if ($Net::DNS::VERSION < 0.70); + $packet->{"header"}{"arcount"} += 1 + if ($Net::DNS::VERSION < 0.70); if (defined($prev_tsig)) { my $rmac = pack('n H*', - $prev_tsig->mac_size, + length($prev_tsig->mac)/2, $prev_tsig->mac); $tsig->{"request_mac"} = unpack("H*", $rmac); @@ -288,9 +297,16 @@ sub sign_tcp_continuation { sub handleTCP { my ($buf) = @_; + my $request; - my ($request, $err) = new Net::DNS::Packet(\$buf, 0); - $err and die $err; + if ($Net::DNS::VERSION > 0.68) { + $request = new Net::DNS::Packet(\$buf, 0); + $@ and die $@; + } else { + my $err; + ($request, $err) = new Net::DNS::Packet(\$buf, 0); + $err and die $err; + } my @questions = $request->question; my $qname = $questions[0]->qname; @@ -306,6 +322,7 @@ sub handleTCP { # get the existing signature if any, and clear the additional section my $prev_tsig; my $signer; + my $continuation = 0; while (my $rr = $request->pop("additional")) { if ($rr->type eq "TSIG") { $prev_tsig = $rr; 
@@ -342,19 +359,25 @@ sub handleTCP { # function will attempt to decrement it, # which is incorrect in a response. Finally # we set request_mac to the previous digest. - $packet->{"compnames"} = {}; - $packet->{"header"}{"arcount"} += 1; + $packet->{"compnames"} = {} + if ($Net::DNS::VERSION < 0.70); + $packet->{"header"}{"arcount"} += 1 + if ($Net::DNS::VERSION < 0.70); if (defined($prev_tsig)) { my $rmac = pack('n H*', - $prev_tsig->mac_size, + length($prev_tsig->mac)/2, $prev_tsig->mac); $tsig->{"request_mac"} = unpack("H*", $rmac); } $tsig->sign_func($signer) if defined($signer); + $tsig->continuation($continuation) + if ($Net::DNS::VERSION >= 0.71); $packet->sign_tsig($tsig); - $signer = \&sign_tcp_continuation; + $signer = \&sign_tcp_continuation + if ($Net::DNS::VERSION < 0.70); + $continuation = 1; my $copy = Net::DNS::Packet->new(\($packet->data)); diff --git a/bin/tests/system/autosign/clean.sh b/bin/tests/system/autosign/clean.sh index a3904445cb..c02b23ff08 100644 --- a/bin/tests/system/autosign/clean.sh +++ b/bin/tests/system/autosign/clean.sh @@ -52,3 +52,4 @@ rm -f ns3/nozsk.example.db ns3/inaczsk.example.db rm -f ns3/ttl*.db rm -f signing.out.* rm -f ns3/*.nzf +rm -f digcomp.out.test* diff --git a/bin/tests/system/autosign/tests.sh b/bin/tests/system/autosign/tests.sh index cf9eb416e4..d15cc6bb53 100644 --- a/bin/tests/system/autosign/tests.sh +++ b/bin/tests/system/autosign/tests.sh 
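Review bot: The version thresholds in handleTCP leave Net::DNS 0.70 without any continuation signing. `$signer = \&sign_tcp_continuation` only runs for `< 0.70` and `$tsig->continuation($continuation)` only for `>= 0.71`, so at exactly 0.70 follow-up TCP messages are signed as if they were the first. Whether 0.70 needs one of the two paths cannot be told from the hunk; if that release is simply unsupported, say so explicitly with a comment such as `# Net::DNS 0.70 is not supported: no usable TSIG continuation API`, or a `die` at start-up. The `compnames`/`arcount` workaround uses the same `< 0.70` cut-off here and in handleUDP (hunk `-155,11`), while the parser switch uses `> 0.68`; naming these cut-offs once at the top of the file would make the intent checkable.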
@@ -240,13 +240,18 @@ $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 sync 2>&1 | sed 's/^/I:ns2 /' $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 sync 2>&1 | sed 's/^/I:ns3 /' echo "I:checking expired signatures were updated ($n)" -ret=0 -$DIG $DIGOPTS +noauth a.oldsigs.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 -$DIG $DIGOPTS +noauth a.oldsigs.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 -$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1 -grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 +for i in 1 2 3 4 5 6 7 8 9 +do + ret=0 + $DIG $DIGOPTS +noauth a.oldsigs.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1 + $DIG $DIGOPTS +noauth a.oldsigs.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1 + $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n > digcomp.out.test$n || ret=1 + grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1 + [ $ret = 0 ] && break + sleep 1 +done +if [ $ret != 0 ]; then cat digcomp.out.test$n; echo "I:failed"; fi n=`expr $n + 1` -if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` echo "I:checking NSEC->NSEC3 conversion succeeded ($n)" diff --git a/bin/tests/system/cacheclean/ns1/example.db b/bin/tests/system/cacheclean/ns1/example.db index 54db5a1f39..38a05d2f77 100644 --- a/bin/tests/system/cacheclean/ns1/example.db +++ b/bin/tests/system/cacheclean/ns1/example.db @@ -1,4 +1,4 @@ -; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +; Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC") ; Copyright (C) 2001 Internet Software Consortium. ; ; Permission to use, copy, modify, and/or distribute this software for any @@ -606,7 +606,6 @@ NS0 IN A 202.12.30.131 ns1 IN A 202.12.30.33 $ORIGIN WIDE.AD.JP. NS IN A 203.178.136.63 -$ORIGIN co.JP. IN MX 10 integra.s-integra.co.jp. $ORIGIN s-integra.co.JP. integra IN A 210.162.202.34 
@@ -1175,7 +1174,6 @@ $ORIGIN ADVSYS.CO.UK. BARNEY IN A 194.72.124.2 $ORIGIN WR.UMIST.AC.UK. AARDVARK IN A 130.88.146.3 -$ORIGIN UCL.AC.UK. IN A 128.16.5.31 IN MX 10 bells.cs.ucl.ac.uk. IN MX 11 haig.cs.ucl.ac.uk. diff --git a/bin/tests/system/checkconf/bad-also-notify.conf b/bin/tests/system/checkconf/bad-also-notify.conf index 794be9648d..3a9f70fc1a 100644 --- a/bin/tests/system/checkconf/bad-also-notify.conf +++ b/bin/tests/system/checkconf/bad-also-notify.conf @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,6 +14,8 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* $Id$ */ + /* * Missing master in also-notify clause. */ diff --git a/bin/tests/system/checkconf/bad-dnssec.conf b/bin/tests/system/checkconf/bad-dnssec.conf index bfa29dbace..de888c80a4 100644 --- a/bin/tests/system/checkconf/bad-dnssec.conf +++ b/bin/tests/system/checkconf/bad-dnssec.conf @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,6 +14,8 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* $Id$ */ + zone not-inline { type slave; masters { 127.0.0.1; }; diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf index 9585b11937..8f0ecf7ea0 100644 --- a/bin/tests/system/checkconf/bad-tsig.conf +++ b/bin/tests/system/checkconf/bad-tsig.conf 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,6 +14,8 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* $Id$ */ + /* Bad secret */ key "badtsig" { algorithm hmac-md5; diff --git a/bin/tests/system/checkds/clean.sh b/bin/tests/system/checkds/clean.sh index 2c0d5a3e48..8c0ce108c5 100644 --- a/bin/tests/system/checkds/clean.sh +++ b/bin/tests/system/checkds/clean.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -14,4 +14,6 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. +# $Id$ + rm -f checkds.* diff --git a/bin/tests/system/checkds/dig.sh b/bin/tests/system/checkds/dig.sh index 73d62cc8a9..fcbc619d6b 100755 --- a/bin/tests/system/checkds/dig.sh +++ b/bin/tests/system/checkds/dig.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -14,6 +14,8 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. +# $Id$ + while [ "$#" != 0 ]; do case $1 in diff --git a/bin/tests/system/checkds/setup.sh b/bin/tests/system/checkds/setup.sh index 798d088311..25047cda1f 100644 --- a/bin/tests/system/checkds/setup.sh +++ b/bin/tests/system/checkds/setup.sh 
@@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -14,4 +14,6 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. +# $Id$ + sh clean.sh diff --git a/bin/tests/system/checkds/tests.sh b/bin/tests/system/checkds/tests.sh index acfeecccc7..1d815083be 100644 --- a/bin/tests/system/checkds/tests.sh +++ b/bin/tests/system/checkds/tests.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") # # Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -14,6 +14,8 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. +# $Id$ + SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in index a39fdcd3e4..ed23ac1948 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in @@ -61,7 +61,8 @@ SUBDIRS="acl allow_query addzone autosign builtin cacheclean checkconf logfileconfig lwresd masterfile masterformat metadata notify nsupdate pending pkcs11 redirect resolver rndc rpz rrsetorder rsabigexponent sortlist smartsign staticstub stub tkey tsig - tsiggss unknown upforwd verify views xfer xferquota zonechecks" + tsiggss unknown upforwd verify views wildcard xfer xferquota + zonechecks" # PERL will be an empty string if no perl interpreter was found. PERL=@PERL@ diff --git a/bin/tests/system/masterfile/knowngood.dig.out b/bin/tests/system/masterfile/knowngood.dig.out index 56de55503f..d4cbac84bf 100644 
--- a/bin/tests/system/masterfile/knowngood.dig.out +++ b/bin/tests/system/masterfile/knowngood.dig.out @@ -5,7 +5,6 @@ a.include. 300 IN A 10.0.0.99 a.a.include. 300 IN A 10.0.1.1 b.foo.a.include. 300 IN A 10.0.2.2 b.include. 300 IN A 10.0.0.2 -b.include. 300 IN A 10.0.0.99 a.b.include. 300 IN A 10.0.1.1 c.b.include. 300 IN A 10.0.0.3 b.foo.b.include. 300 IN A 10.0.2.2 diff --git a/bin/tests/system/masterfile/ns1/include.db b/bin/tests/system/masterfile/ns1/include.db index 47c985ff21..762ee9c4f2 100644 --- a/bin/tests/system/masterfile/ns1/include.db +++ b/bin/tests/system/masterfile/ns1/include.db @@ -1,4 +1,4 @@ -; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +; Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC") ; Copyright (C) 2001 Internet Software Consortium. ; ; Permission to use, copy, modify, and/or distribute this software for any @@ -37,5 +37,5 @@ b A 10.0.0.2 $ORIGIN b $INCLUDE sub.db ; use the current domain name - A 10.0.0.99 +; A 10.0.0.99 c A 10.0.0.3 diff --git a/bin/tests/system/nsupdate/clean.sh b/bin/tests/system/nsupdate/clean.sh index 9af14fc723..981f00af29 100644 --- a/bin/tests/system/nsupdate/clean.sh +++ b/bin/tests/system/nsupdate/clean.sh @@ -22,7 +22,9 @@ # rm -f ns1/*.jnl ns2/*.jnl -rm -f ns1/example.db ns1/unixtime.db ns1/update.db ns1/other.db ns1/ddns.key +rm -f ns1/example.db ns1/unixtime.db ns1/update.db ns1/other.db ns1/keytests.db +rm -f ns1/md5.key ns1/sha1.key ns1/sha224.key ns1/sha256.key ns1/sha384.key +rm -f ns1/sha512.key ns1/ddns.key rm -f nsupdate.out rm -f random.data rm -f ns2/example.bk diff --git a/bin/tests/system/nsupdate/ns1/named.conf b/bin/tests/system/nsupdate/ns1/named.conf index 0132c2259a..2ee6d8bd84 100644 --- a/bin/tests/system/nsupdate/ns1/named.conf +++ b/bin/tests/system/nsupdate/ns1/named.conf 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -63,7 +63,7 @@ zone "other.nil" { file "other.db"; check-integrity no; update-policy local; - allow-query-on { 127.0.0.1; }; + allow-query-on { 10.53.0.1; 127.0.0.1; }; allow-transfer { any; }; }; @@ -90,3 +90,22 @@ zone "unixtime.nil" { serial-update-method unixtime; }; +include "md5.key"; +include "sha1.key"; +include "sha224.key"; +include "sha256.key"; +include "sha384.key"; +include "sha512.key"; + +zone "keytests.nil" { + type master; + file "keytests.db"; + update-policy { + grant md5-key name md5.keytests.nil. ANY; + grant sha1-key name sha1.keytests.nil. ANY; + grant sha224-key name sha224.keytests.nil. ANY; + grant sha256-key name sha256.keytests.nil. ANY; + grant sha384-key name sha384.keytests.nil. ANY; + grant sha512-key name sha512.keytests.nil. ANY; + }; +}; diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh index 16c030c765..bb015142da 100644 --- a/bin/tests/system/nsupdate/setup.sh +++ b/bin/tests/system/nsupdate/setup.sh @@ -31,6 +31,7 @@ rm -f ns3/example.db.jnl cp -f ns1/example1.db ns1/example.db sed 's/example.nil/other.nil/g' ns1/example1.db > ns1/other.db sed 's/example.nil/unixtime.nil/g' ns1/example1.db > ns1/unixtime.db +sed 's/example.nil/keytests.nil/g' ns1/example1.db > ns1/keytests.db cp -f ns3/example.db.in ns3/example.db # update_test.pl has its own zone file because it 
@@ -53,4 +54,11 @@ EOF ../../../tools/genrandom 400 random.data $DDNSCONFGEN -q -r random.data -z example.nil > ns1/ddns.key +$DDNSCONFGEN -q -r random.data -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key +$DDNSCONFGEN -q -r random.data -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key +$DDNSCONFGEN -q -r random.data -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key +$DDNSCONFGEN -q -r random.data -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key +$DDNSCONFGEN -q -r random.data -a hmac-sha384 -k sha384-key -z keytests.nil > ns1/sha384.key +$DDNSCONFGEN -q -r random.data -a hmac-sha512 -k sha512-key -z keytests.nil > ns1/sha512.key + (cd ns3; sh -e sign.sh) diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh index 48988a8c8d..35e3c7af85 100644 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh 
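Review bot: The six added `$DDNSCONFGEN` lines differ only in the algorithm name, and none of them checks the exit status. Because of the `>` redirect, a failed run still leaves an empty `ns1/<alg>.key`, and the failure then only surfaces later when named tries to include it. A loop keeps the algorithm list in one place and makes the failure visible: `for alg in md5 sha1 sha224 sha256 sha384 sha512; do $DDNSCONFGEN -q -r random.data -a hmac-$alg -k $alg-key -z keytests.nil > ns1/$alg.key || exit 1; done`. Whether the harness acts on setup.sh's exit status is not visible in this hunk.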
@@ -41,113 +41,137 @@ while true; do fi done +ret=0 echo "I:fetching first copy of zone before update" $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\ - @10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1 + @10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } +ret=0 echo "I:fetching second copy of zone before update" $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\ - @10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1 + @10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } +ret=0 echo "I:comparing pre-update copies to known good data" -$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns1 || status=1 -$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns2 || status=1 +$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns1 || ret=1 +$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns2 || ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } +ret=0 echo "I:updating zone" # nsupdate will print a ">" prompt to stdout as it gets each input line. -$NSUPDATE -k ns1/ddns.key < /dev/null || status=1 +$NSUPDATE -k ns1/ddns.key < /dev/null || ret=1 server 10.53.0.1 5300 update add updated.example.nil. 600 A 10.10.10.1 add updated.example.nil. 600 TXT Foo delete t.example.nil. 
END +[ $ret = 0 ] || { echo I:failed; status=1; } + echo "I:sleeping 5 seconds for server to incorporate changes" sleep 5 +ret=0 echo "I:fetching first copy of zone after update" $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\ - @10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1 + @10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } +ret=0 echo "I:fetching second copy of zone after update" $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\ - @10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1 + @10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } +ret=0 echo "I:comparing post-update copies to known good data" -$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || status=1 -$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns2 || status=1 +$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || ret=1 +$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns2 || ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } +ret=0 echo "I:testing local update policy" -pre=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || status=1 -[ -z "$pre" ] || status=1 +pre=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || ret=1 +[ -z "$pre" ] || ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } +ret=0 echo "I:updating zone" # nsupdate will print a ">" prompt to stdout as it gets each input line. -$NSUPDATE -l -p 5300 -k ns1/session.key > /dev/null < /dev/null < nsupdate.out 2>&1 << END && status=1 +$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END && ret=1 update add other.nil. 600 in ns ns3.other.nil. 
send END -grep REFUSED nsupdate.out > /dev/null 2>&1 || status=1 +grep REFUSED nsupdate.out > /dev/null 2>&1 || ret=1 # ...but should work if an A record is inserted first: -$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || status=1 +$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1 update add ns4.other.nil 600 in a 10.53.0.1 send update add other.nil. 600 in ns ns4.other.nil. send END -grep REFUSED nsupdate.out > /dev/null 2>&1 && status=1 +grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1 # ...or if an AAAA record does: -$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || status=1 +$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1 update add ns5.other.nil 600 in aaaa 2001:db8::1 send update add other.nil. 600 in ns ns5.other.nil. send END -grep REFUSED nsupdate.out > /dev/null 2>&1 && status=1 +grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1 # ...or if the NS and A/AAAA are inserted together: -$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || status=1 +$NSUPDATE -l -p 5300 -k ns1/session.key > nsupdate.out 2>&1 << END || ret=1 update add other.nil. 600 in ns ns6.other.nil. 
update add ns6.other.nil 600 in a 10.53.0.1 send END -grep REFUSED nsupdate.out > /dev/null 2>&1 && status=1 +grep REFUSED nsupdate.out > /dev/null 2>&1 && ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } echo "I:sleeping 5 seconds for server to incorporate changes" sleep 5 +ret=0 echo "I:checking result of update" -$DIG +short @10.53.0.1 -p 5300 ns other.nil > dig.out.ns1 || status=1 -grep ns3.other.nil dig.out.ns1 > /dev/null 2>&1 && status=1 -grep ns4.other.nil dig.out.ns1 > /dev/null 2>&1 || status=1 -grep ns5.other.nil dig.out.ns1 > /dev/null 2>&1 || status=1 -grep ns6.other.nil dig.out.ns1 > /dev/null 2>&1 || status=1 +$DIG +short @10.53.0.1 -p 5300 ns other.nil > dig.out.ns1 || ret=1 +grep ns3.other.nil dig.out.ns1 > /dev/null 2>&1 && ret=1 +grep ns4.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1 +grep ns5.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1 +grep ns6.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } ret=0 echo "I:check SIG(0) key is accepted" key=`$KEYGEN -q -r random.data -a NSEC3RSASHA1 -b 512 -T KEY -n ENTITY xxx` echo "" | $NSUPDATE -k ${key}.private > /dev/null 2>&1 || ret=1 -if [ $ret -ne 0 ]; then - echo "I:failed" - status=1 -fi +[ $ret = 0 ] || { echo I:failed; status=1; } n=`expr $n + 1` ret=0 @@ -158,12 +182,8 @@ $NSUPDATE < nsupdate.out 2>&1 && ret=1 update add example.nil. in type0 "" send END -grep "unknown class/type" nsupdate.out > /dev/null 2>&1 || -ret=1 -if [ $ret -ne 0 ]; then - echo "I:failed" - status=1 -fi +grep "unknown class/type" nsupdate.out > /dev/null 2>&1 || ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } n=`expr $n + 1` ret=0 @@ -175,10 +195,7 @@ $NSUPDATE -k ns1/ddns.key < nsupdate.out 2>&1 || ret=1 END $DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1 -if [ $ret -ne 0 ]; then - echo "I:failed" - status=1 -fi +[ $ret = 0 ] || { echo I:failed; status=1; } n=`expr $n + 1` ret=0 
@@ -187,11 +204,7 @@ echo "a0e4280000010000000100000000060001c00c000000fe000000000000" | $PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null $DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1 -if test $ret -ne 0 -then - echo "I:failed" - status=1 -fi +[ $ret = 0 ] || { echo I:failed; status=1; } n=`expr $n + 1` echo "I:check that TYPE=0 additional data is handled ($n)" @@ -199,11 +212,7 @@ echo "a0e4280000010000000000010000060001c00c000000fe000000000000" | $PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null $DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1 -if test $ret -ne 0 -then - echo "I:failed" - status=1 -fi +[ $ret = 0 ] || { echo I:failed; status=1; } n=`expr $n + 1` echo "I:check that update to undefined class is handled ($n)" @@ -211,11 +220,7 @@ echo "a0e4280000010001000000000000060101c00c000000fe000000000000" | $PERL ../packet.pl -a 10.53.0.1 -p 5300 -t tcp > /dev/null $DIG +tcp version.bind txt ch @10.53.0.1 -p 5300 > dig.out.ns1.$n grep "status: NOERROR" dig.out.ns1.$n > /dev/null || ret=1 -if test $ret -ne 0 -then - echo "I:failed" - status=1 -fi +[ $ret = 0 ] || { echo I:failed; status=1; } n=`expr $n + 1` echo "I:check that unixtime serial number is correctly generated ($n)" @@ -233,10 +238,7 @@ serial=`$DIG +short unixtime.nil. soa @10.53.0.1 -p 5300 | awk '{print $3}'` || # allow up to 2 seconds difference between the serial # number and the unix epoch date but no more $PERL -e 'exit 1 if abs($ARGV[1] - $ARGV[0]) > 2;' $now $serial || ret=1 -if [ $ret -ne 0 ]; then - echo "I:failed" - status=1 -fi +[ $ret = 0 ] || { echo I:failed; status=1; } if $PERL -e 'use Net::DNS;' 2>/dev/null then 
@@ -246,16 +248,21 @@ else echo "I:The second part of this test requires the Net::DNS library." >&2 fi +ret=0 echo "I:fetching first copy of test zone" $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\ - @10.53.0.1 axfr -p 5300 > dig.out.ns1 || status=1 + @10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } echo "I:fetching second copy of test zone" $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\ - @10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1 + @10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } +ret=0 echo "I:comparing zones" -$PERL ../digcomp.pl dig.out.ns1 dig.out.ns2 || status=1 +$PERL ../digcomp.pl dig.out.ns1 dig.out.ns2 || ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } echo "I:SIGKILL and restart server ns1" cd ns1 @@ -264,7 +271,7 @@ rm named.pid cd .. sleep 10 if - $PERL $SYSTEMTESTTOP/start.pl --noclean . ns1 + $PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns1 then echo "I:restarted server ns1" else @@ -273,23 +280,29 @@ else fi sleep 10 +ret=0 echo "I:fetching ns1 after hard restart" $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\ - @10.53.0.1 axfr -p 5300 > dig.out.ns1.after || status=1 + @10.53.0.1 axfr -p 5300 > dig.out.ns1.after || ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } +ret=0 echo "I:comparing zones" -$PERL ../digcomp.pl dig.out.ns1 dig.out.ns1.after || status=1 +$PERL ../digcomp.pl dig.out.ns1 dig.out.ns1.after || ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } echo "I:begin RT #482 regression test" +ret=0 echo "I:update master" -$NSUPDATE -k ns1/ddns.key < /dev/null || status=1 +$NSUPDATE -k ns1/ddns.key < /dev/null || ret=1 server 10.53.0.1 5300 update add updated2.example.nil. 600 A 10.10.10.2 update add updated2.example.nil. 600 TXT Bar update delete c.example.nil. send END +[ $ret = 0 ] || { echo I:failed; status=1; } sleep 5 
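Review bot: The conversion to the `ret` pattern is incomplete in a few places, so one failure can be reported against a later step. In this hunk, "fetching second copy of test zone" has no `ret=0` before it and inherits the result of the first fetch; add `ret=0` above that `echo`. The same applies to hunk `-406,7`, where `$NSUPDATE ... || ret=1` under "testing that rndc stop updates the master file" runs with whatever `ret` the NSEC3PARAM test left behind. In hunk `-416,10`, the `$DIG ... || status=1` context line still uses the old convention beside the new `|| ret=1`. These test sections continue outside the hunks shown.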
@@ -298,14 +311,16 @@ kill -HUP `cat ns2/named.pid` sleep 5 +ret=0 echo "I:update master again" -$NSUPDATE -k ns1/ddns.key < /dev/null || status=1 +$NSUPDATE -k ns1/ddns.key < /dev/null || ret=1 server 10.53.0.1 5300 update add updated3.example.nil. 600 A 10.10.10.3 update add updated3.example.nil. 600 TXT Zap del d.example.nil. send END +[ $ret = 0 ] || { echo I:failed; status=1; } sleep 5 @@ -314,16 +329,18 @@ kill -HUP `cat ns2/named.pid` sleep 5 +echo "I:check to 'out of sync' message" if grep "out of sync" ns2/named.run then + echo "I: failed (found 'out of sync')" status=1 fi echo "I:end RT #482 regression test" n=`expr $n + 1` -echo "I:start NSEC3PARAM changes via UPDATE on a unsigned zone test ($n)" ret=0 +echo "I:start NSEC3PARAM changes via UPDATE on a unsigned zone test ($n)" $NSUPDATE << EOF server 10.53.0.3 5300 update add example 3600 nsec3param 1 0 0 - @@ -338,11 +355,11 @@ $DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec example.\ @10.53.0.3 nsec3param -p 5300 > dig.out.ns3.$n || ret=1 grep "ANSWER: 0" dig.out.ns3.$n > /dev/null || ret=1 grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi +[ $ret = 0 ] || { echo I:failed; status=1; } n=`expr $n + 1` -echo "I:change the NSEC3PARAM ttl via update ($n)" ret=0 +echo "I:change the NSEC3PARAM ttl via update ($n)" $NSUPDATE << EOF server 10.53.0.3 5300 update add nsec3param.test 3600 NSEC3PARAM 1 0 1 - 
@@ -356,11 +373,11 @@ $DIG +tcp +noadd +nosea +nostat +noquest +nocmd +norec nsec3param.test.\ grep "ANSWER: 1" dig.out.ns3.$n > /dev/null || ret=1 grep "3600.*NSEC3PARAM" dig.out.ns3.$n > /dev/null || ret=1 grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1 -if [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi +[ $ret = 0 ] || { echo I:failed; status=1; } n=`expr $n + 1` -echo "I:add a new the NSEC3PARAM via update ($n)" ret=0 +echo "I:add a new the NSEC3PARAM via update ($n)" $NSUPDATE << EOF server 10.53.0.3 5300 update add nsec3param.test 3600 NSEC3PARAM 1 0 4 - @@ -377,8 +394,8 @@ grep "flags:[^;]* aa[ ;]" dig.out.ns3.$n > /dev/null || ret=1 if [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi n=`expr $n + 1` -echo "I:add, delete and change the ttl of the NSEC3PARAM rrset via update ($n)" ret=0 +echo "I:add, delete and change the ttl of the NSEC3PARAM rrset via update ($n)" $NSUPDATE << EOF server 10.53.0.3 5300 update delete nsec3param.test NSEC3PARAM @@ -406,7 +423,7 @@ if [ $ret != 0 ] ; then echo "I: failed"; status=`expr $ret + $status`; fi echo "I:testing that rndc stop updates the master file" -$NSUPDATE -k ns1/ddns.key < /dev/null || status=1 +$NSUPDATE -k ns1/ddns.key < /dev/null || ret=1 server 10.53.0.1 5300 update add updated4.example.nil. 600 A 10.10.10.3 send 
@@ -416,10 +433,11 @@ $PERL $SYSTEMTESTTOP/stop.pl --use-rndc . ns1 # that the data served by the new server process are exactly # those dumped to the master file by "rndc stop". rm -f ns1/*jnl -$PERL $SYSTEMTESTTOP/start.pl --noclean . ns1 +$PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns1 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd updated4.example.nil.\ @10.53.0.1 a -p 5300 > dig.out.ns1 || status=1 -$PERL ../digcomp.pl knowngood.ns1.afterstop dig.out.ns1 || status=1 +$PERL ../digcomp.pl knowngood.ns1.afterstop dig.out.ns1 || ret=1 +[ $ret = 0 ] || { echo I:failed; status=1; } ret=0 echo "I:check that 'nsupdate -l' with a missing keyfile reports the missing file" @@ -484,5 +502,24 @@ if [ $ret -ne 0 ]; then status=1 fi +n=`expr $n + 1` +ret=0 +echo "I:check TSIG key algorithms ($n)" +for alg in md5 sha1 sha224 sha256 sha384 sha512; do + $NSUPDATE -k ns1/${alg}.key < /dev/null || ret=1 +server 10.53.0.1 5300 +update add ${alg}.keytests.nil. 600 A 10.10.10.3 +send +END +done +sleep 2 +for alg in md5 sha1 sha224 sha256 sha384 sha512; do + $DIG +short @10.53.0.1 -p 5300 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1 +done +if [ $ret -ne 0 ]; then + echo "I:failed" + status=1 +fi + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/nsupdate/update_test.pl b/bin/tests/system/nsupdate/update_test.pl index 4b542916bf..539984162c 100644 --- a/bin/tests/system/nsupdate/update_test.pl +++ b/bin/tests/system/nsupdate/update_test.pl @@ -120,7 +120,7 @@ test("NOERROR", ["pre", nxdomain("a.$zone")]); # RRset does not exist test("NOERROR", ["pre", nxrrset("a.$zone A")]); # RRset exists (value dependent) -test("NXRRSET", ["pre", yxrrset("a.$zone 300 A 73.80.65.49")]); +test("NXRRSET", ["pre", yxrrset("a.$zone A 73.80.65.49")]); section ("Simple creation of data"); 
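Review bot: The new "check TSIG key algorithms" test in hunk `-484,5` only covers the permitted case, where each key updates its own name. The update-policy added to ns1/named.conf grants each key exactly one name, but nothing checks that a key is refused when it tries to update a name granted to a different key. A policy that wrongly accepted any of the six keys for any name would still pass, so a negative case after the second loop would pin the authorization boundary. The sketch below is a constructed example following the `grep REFUSED nsupdate.out` pattern used earlier in this file; the record value and output file name are placeholders.

```shell
# ... unchanged: positive loop over md5 sha1 sha224 sha256 sha384 sha512 ...
# negative case (constructed): md5-key is only granted md5.keytests.nil.
$NSUPDATE -k ns1/md5.key > nsupdate.out.$n 2>&1 << END && ret=1
server 10.53.0.1 5300
update add sha1.keytests.nil. 600 A 10.10.10.4
send
END
grep REFUSED nsupdate.out.$n > /dev/null 2>&1 || ret=1
$DIG +short @10.53.0.1 -p 5300 sha1.keytests.nil | grep 10.10.10.4 > /dev/null 2>&1 && ret=1
```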
@@ -136,7 +136,7 @@ test("YXDOMAIN", ["pre", nxdomain("a.$zone")]); # RRset does not exist test("YXRRSET", ["pre", nxrrset("a.$zone A")]); # RRset exists (value dependent) -test("NOERROR", ["pre", yxrrset("a.$zone 300 A 73.80.65.49")]); +test("NOERROR", ["pre", yxrrset("a.$zone A 73.80.65.49")]); # # Merging of RRsets @@ -145,17 +145,17 @@ test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.50")]); section("Detailed tests of \"RRset exists (value dependent)\" prerequisites"); test("NOERROR", ["pre", - yxrrset("a.$zone 300 A 73.80.65.49"), - yxrrset("a.$zone 300 A 73.80.65.50")]); + yxrrset("a.$zone A 73.80.65.49"), + yxrrset("a.$zone A 73.80.65.50")]); test("NOERROR", ["pre", - yxrrset("a.$zone 300 A 73.80.65.50"), - yxrrset("a.$zone 300 A 73.80.65.49")]); -test("NXRRSET", ["pre", yxrrset("a.$zone 300 A 73.80.65.49")]); -test("NXRRSET", ["pre", yxrrset("a.$zone 300 A 73.80.65.50")]); + yxrrset("a.$zone A 73.80.65.50"), + yxrrset("a.$zone A 73.80.65.49")]); +test("NXRRSET", ["pre", yxrrset("a.$zone A 73.80.65.49")]); +test("NXRRSET", ["pre", yxrrset("a.$zone A 73.80.65.50")]); test("NXRRSET", ["pre", - yxrrset("a.$zone 300 A 73.80.65.49"), - yxrrset("a.$zone 300 A 73.80.65.50"), - yxrrset("a.$zone 300 A 73.80.65.51")]); + yxrrset("a.$zone A 73.80.65.49"), + yxrrset("a.$zone A 73.80.65.50"), + yxrrset("a.$zone A 73.80.65.51")]); section("Torture test of \"RRset exists (value dependent)\" prerequisites."); 
@@ -175,31 +175,31 @@ test("NOERROR", ["update", rr_add("e.$zone 300 MX 10 mail.$zone")]); test("NOERROR", ["pre", - yxrrset("e.$zone 300 A 73.80.65.52"), - yxrrset("e.$zone 300 TXT 'two'"), - yxrrset("e.$zone 300 A 73.80.65.51"), - yxrrset("e.$zone 300 TXT 'three'"), - yxrrset("e.$zone 300 A 73.80.65.50"), - yxrrset("f.$zone 300 A 73.80.65.52"), - yxrrset("e.$zone 300 A 73.80.65.49"), - yxrrset("e.$zone 300 TXT 'one'")]); + yxrrset("e.$zone A 73.80.65.52"), + yxrrset("e.$zone TXT 'two'"), + yxrrset("e.$zone A 73.80.65.51"), + yxrrset("e.$zone TXT 'three'"), + yxrrset("e.$zone A 73.80.65.50"), + yxrrset("f.$zone A 73.80.65.52"), + yxrrset("e.$zone A 73.80.65.49"), + yxrrset("e.$zone TXT 'one'")]); section("Subtraction of RRsets"); -test("NOERROR", ["update", rr_del("a.$zone 300 A 73.80.65.49")]); +test("NOERROR", ["update", rr_del("a.$zone A 73.80.65.49")]); test("NOERROR", ["pre", - yxrrset("a.$zone 300 A 73.80.65.50")]); + yxrrset("a.$zone A 73.80.65.50")]); -test("NOERROR", ["update", rr_del("a.$zone 300 A 73.80.65.50")]); -test("NOERROR", ["pre", nxrrset("a.$zone 300 A")]); +test("NOERROR", ["update", rr_del("a.$zone A 73.80.65.50")]); +test("NOERROR", ["pre", nxrrset("a.$zone A")]); test("NOERROR", ["pre", nxdomain("a.$zone")]); section("Other forms of deletion"); test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.49")]); test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.50")]); test("NOERROR", ["update", rr_add("a.$zone 300 MX 10 mail.$zone")]); -test("NOERROR", ["update", rr_del("a.$zone 300 A")]); -test("NOERROR", ["pre", nxrrset("a.$zone 300 A")]); +test("NOERROR", ["update", rr_del("a.$zone A")]); +test("NOERROR", ["pre", nxrrset("a.$zone A")]); test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.49")]); test("NOERROR", ["update", rr_add("a.$zone 300 A 73.80.65.50")]); test("NOERROR", ["update", rr_del("a.$zone")]); 
@@ -207,12 +207,12 @@ test("NOERROR", ["pre", nxdomain("a.$zone")]); section("Case insensitivity"); test("NOERROR", ["update", rr_add("a.$zone 300 PTR foo.net.")]); -test("NOERROR", ["pre", yxrrset("A.$zone 300 PTR fOo.NeT.")]); +test("NOERROR", ["pre", yxrrset("A.$zone PTR fOo.NeT.")]); section("Special CNAME rules"); test("NOERROR", ["update", rr_add("b.$zone 300 CNAME foo.net.")]); test("NOERROR", ["update", rr_add("b.$zone 300 A 73.80.65.49")]); -test("NOERROR", ["pre", yxrrset("b.$zone 300 CNAME foo.net.")]); +test("NOERROR", ["pre", yxrrset("b.$zone CNAME foo.net.")]); test("NOERROR", ["pre", nxrrset("b.$zone A")]); test("NOERROR", ["update", rr_add("c.$zone 300 A 73.80.65.49")]); @@ -232,9 +232,9 @@ test("NOERROR", ["pre", nxrrset("c.$zone CNAME")]); #test("NOERROR", ["update", rr_add("c.$zone 300 WKS 73.80.65.50 TCP telnet ftp")]); #test("NOERROR", ["update", rr_add("c.$zone 300 WKS 73.80.65.49 TCP smtp")]); #test("NOERROR", ["pre", -# yxrrset("c.$zone 300 WKS 73.80.65.49 TCP smtp"), -# yxrrset("c.$zone 300 WKS 73.80.65.49 UDP telnet ftp"), -# yxrrset("c.$zone 300 WKS 73.80.65.50 TCP telnet ftp")]); +# yxrrset("c.$zone WKS 73.80.65.49 TCP smtp"), +# yxrrset("c.$zone WKS 73.80.65.49 UDP telnet ftp"), +# yxrrset("c.$zone WKS 73.80.65.50 TCP telnet ftp")]); section("Special NS rules"); 
@@ -248,37 +248,37 @@ section("Special NS rules"); test("NOERROR", ["update", rr_add("$zone 300 NS ns1.$zone"), rr_add("$zone 300 NS ns2.$zone")]); -test("NOERROR", ["update", rr_del("$zone 300 NS ns1.$zone")]); -test("NOERROR", ["update", rr_del("$zone 300 NS ns2.$zone")]); +test("NOERROR", ["update", rr_del("$zone NS ns1.$zone")]); +test("NOERROR", ["update", rr_del("$zone NS ns2.$zone")]); test("NOERROR", ["pre", - yxrrset("$zone 300 NS ns2.$zone")]); + yxrrset("$zone NS ns2.$zone")]); # Non-apex test("NOERROR", ["update", rr_add("n.$zone 300 NS ns1.$zone")]); -test("NOERROR", ["update", rr_del("n.$zone 300 NS ns1.$zone")]); -test("NOERROR", ["pre", nxrrset("n.$zone 300 NS")]); +test("NOERROR", ["update", rr_del("n.$zone NS ns1.$zone")]); +test("NOERROR", ["pre", nxrrset("n.$zone NS")]); # Other ways of deleting NS records should also fail at the apex # and work elsewhere. # Non-apex test("NOERROR", ["update", rr_add("n.$zone 300 NS ns1.$zone")]); -test("NOERROR", ["update", rr_del("n.$zone 300 NS")]); -test("NOERROR", ["pre", nxrrset("n.$zone 300 NS")]); +test("NOERROR", ["update", rr_del("n.$zone NS")]); +test("NOERROR", ["pre", nxrrset("n.$zone NS")]); test("NOERROR", ["update", rr_add("n.$zone 300 NS ns1.$zone")]); -test("NOERROR", ["pre", yxrrset("n.$zone 300 NS")]); +test("NOERROR", ["pre", yxrrset("n.$zone NS")]); test("NOERROR", ["update", rr_del("n.$zone")]); -test("NOERROR", ["pre", nxrrset("n.$zone 300 NS")]); +test("NOERROR", ["pre", nxrrset("n.$zone NS")]); # Apex test("NOERROR", ["update", rr_del("$zone NS")]); test("NOERROR", ["pre", - yxrrset("$zone 300 NS ns2.$zone")]); + yxrrset("$zone NS ns2.$zone")]); test("NOERROR", ["update", rr_del("$zone")]); test("NOERROR", ["pre", - yxrrset("$zone 300 NS ns2.$zone")]); + yxrrset("$zone NS ns2.$zone")]); # They should not touch the SOA, either. 
@@ -289,34 +289,34 @@ test("NOERROR", ["pre", yxrrset("$zone SOA")]); section("Idempotency"); test("NOERROR", ["update", rr_add("d.$zone 300 A 73.80.65.49")]); -test("NOERROR", ["pre", yxrrset("d.$zone 300 A 73.80.65.49")]); +test("NOERROR", ["pre", yxrrset("d.$zone A 73.80.65.49")]); test("NOERROR", ["update", rr_add("d.$zone 300 A 73.80.65.49"), rr_del("d.$zone A")]); -test("NOERROR", ["pre", nxrrset("d.$zone 300 A 73.80.65.49")]); +test("NOERROR", ["pre", nxrrset("d.$zone A")]); -test("NOERROR", ["update", rr_del("d.$zone 300 A 73.80.65.49")]); -test("NOERROR", ["pre", nxrrset("d.$zone 300 A")]); +test("NOERROR", ["update", rr_del("d.$zone A 73.80.65.49")]); +test("NOERROR", ["pre", nxrrset("d.$zone A")]); test("NOERROR", ["update", - rr_del("d.$zone 300 A"), + rr_del("d.$zone A"), rr_add("d.$zone 300 A 73.80.65.49")]); -test("NOERROR", ["pre", yxrrset("d.$zone 300 A")]); +test("NOERROR", ["pre", yxrrset("d.$zone A")]); section("Out-of-zone prerequisites and updates"); -test("NOTZONE", ["pre", yxrrset("a.somewhere.else. 300 A 73.80.65.49")]); +test("NOTZONE", ["pre", yxrrset("a.somewhere.else. A 73.80.65.49")]); test("NOTZONE", ["update", rr_add("a.somewhere.else. 300 A 73.80.65.49")]); section("Glue"); test("NOERROR", ["update", rr_add("s.$zone 300 NS ns.s.$zone")]); test("NOERROR", ["update", rr_add("ns.s.$zone 300 A 73.80.65.49")]); -test("NOERROR", ["pre", yxrrset("ns.s.$zone 300 A 73.80.65.49")]); +test("NOERROR", ["pre", yxrrset("ns.s.$zone A 73.80.65.49")]); section("Wildcards"); test("NOERROR", ["update", rr_add("*.$zone 300 MX 10 mail.$zone")]); -test("NOERROR", ["pre", yxrrset("*.$zone 300 MX 10 mail.$zone")]); -test("NXRRSET", ["pre", yxrrset("w.$zone 300 MX 10 mail.$zone")]); +test("NOERROR", ["pre", yxrrset("*.$zone MX 10 mail.$zone")]); +test("NXRRSET", ["pre", yxrrset("w.$zone MX 10 mail.$zone")]); test("NOERROR", ["pre", nxrrset("w.$zone MX")]); test("NOERROR", ["pre", nxdomain("w.$zone")]); 
@@ -368,7 +368,7 @@ assert($db_soa->mname eq "mname1"); # #section("Big data"); #test("NOERROR", ["update", rr_add("a.$zone 300 TXT aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc")]); -#test("NOERROR", ["update", rr_del("a.$zone 300 TXT aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc")]); +#test("NOERROR", ["update", rr_del("a.$zone TXT aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 
cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc")]); test("NOERROR", ["update", rr_add("a.$zone 300 TXT " . ("foo " x 3))]); section("Updating TTLs only"); @@ -378,7 +378,7 @@ test("NOERROR", ["update", rr_add("t.$zone 300 A 73.80.65.49")]); $ttl = $a->ttl; assert($ttl == 300, "incorrect TTL value $ttl != 300"); test("NOERROR", ["update", - rr_del("t.$zone 300 A 73.80.65.49"), + rr_del("t.$zone A 73.80.65.49"), rr_add("t.$zone 301 A 73.80.65.49")]); ($a) = $res->query("t.$zone", "A")->answer; $ttl = $a->ttl; @@ -416,7 +416,7 @@ test("NOERROR", ["update", rr_add("b.u.$zone 300 A 73.80.65.49")]); test("NOERROR", ["update", rr_add("u.$zone 300 TXT txt-not-in-nxt")]); test("NOERROR", ["update", rr_add("u.$zone 300 NS ns.u.$zone")]); -test("NOERROR", ["update", rr_del("u.$zone 300 NS ns.u.$zone")]); +test("NOERROR", ["update", rr_del("u.$zone NS ns.u.$zone")]); if ($failures) { print "I:$failures tests failed.\n"; diff --git a/bin/tests/system/resolver/ans2/ans.pl b/bin/tests/system/resolver/ans2/ans.pl index c9471b766e..9944ccabeb 100644 --- a/bin/tests/system/resolver/ans2/ans.pl +++ b/bin/tests/system/resolver/ans2/ans.pl @@ -42,8 +42,16 @@ for (;;) { print "**** request from " , $sock->peerhost, " port ", $sock->peerport, "\n"; - my ($packet, $err) = new Net::DNS::Packet(\$buf, 0); - $err and die $err; + my $packet; + + if ($Net::DNS::VERSION > 0.68) { + $packet = new Net::DNS::Packet(\$buf, 0); + $@ and die $@; + } else { + my $err; + ($packet, $err) = new Net::DNS::Packet(\$buf, 0); + $err and die $err; + } print "REQUEST:\n"; $packet->print; diff --git a/bin/tests/system/resolver/ans3/ans.pl b/bin/tests/system/resolver/ans3/ans.pl index e8a6ba52c8..f1fd59f40e 100644 --- a/bin/tests/system/resolver/ans3/ans.pl +++ b/bin/tests/system/resolver/ans3/ans.pl 
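Review bot: In the new `$Net::DNS::VERSION > 0.68` branch of resolver/ans2/ans.pl, `$@ and die $@;` tests a global that is never cleared before the constructor call, and nothing checks that `$packet` is defined before `$packet->print` runs. A value left in `$@` by an earlier eval would stop the test server on a well-formed request, and a constructor that returns nothing would only surface later as a method call on an undefined value. I would clear and check explicitly: `$@ = '';` before the call, keep `$@ and die $@;`, and add `defined $packet or die "packet decode failed";` after it. This assumes 0.69 and later report decode errors through `$@`, which the hunk implies but does not show. The same block is repeated in resolver/ans3/ans.pl and in handleUDP and handleTCP of upforwd/ans4/ans.pl, and the enclosing `for (;;)` loop continues outside the hunk.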
@@ -42,8 +42,16 @@ for (;;) { print "**** request from " , $sock->peerhost, " port ", $sock->peerport, "\n"; - my ($packet, $err) = new Net::DNS::Packet(\$buf, 0); - $err and die $err; + my $packet; + + if ($Net::DNS::VERSION > 0.68) { + $packet = new Net::DNS::Packet(\$buf, 0); + $@ and die $@; + } else { + my $err; + ($packet, $err) = new Net::DNS::Packet(\$buf, 0); + $err and die $err; + } print "REQUEST:\n"; $packet->print; diff --git a/bin/tests/system/rndc/ns3/named.conf b/bin/tests/system/rndc/ns3/named.conf index d50a7f95e4..9feefac75e 100644 --- a/bin/tests/system/rndc/ns3/named.conf +++ b/bin/tests/system/rndc/ns3/named.conf @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,6 +14,8 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* $Id$ */ + controls { /* empty */ }; options { diff --git a/bin/tests/system/rsabigexponent/bigkey.c b/bin/tests/system/rsabigexponent/bigkey.c index 0b8c17df1f..aa2e8ec8ed 100644 --- a/bin/tests/system/rsabigexponent/bigkey.c +++ b/bin/tests/system/rsabigexponent/bigkey.c @@ -202,7 +202,7 @@ main(int argc, char **argv) { "isc_log_usechannel()"); dns_fixedname_init(&fname); name = dns_fixedname_name(&fname); - isc_buffer_init(&buf, "example.", strlen("example.")); + isc_buffer_constinit(&buf, "example.", strlen("example.")); isc_buffer_add(&buf, strlen("example.")); CHECK(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL), "dns_name_fromtext(\"example.\")"); diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c index a417a91b23..ff2c2eed44 100644 --- a/bin/tests/system/tkey/keycreate.c +++ b/bin/tests/system/tkey/keycreate.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -150,14 +150,14 @@ sendquery(isc_task_t *task, isc_event_t *event) { isc_sockaddr_fromin(&address, &inaddr, PORT); dns_fixedname_init(&keyname); - isc_buffer_init(&namestr, "tkeytest.", 9); + isc_buffer_constinit(&namestr, "tkeytest.", 9); isc_buffer_add(&namestr, 9); result = dns_name_fromtext(dns_fixedname_name(&keyname), &namestr, NULL, 0, NULL); CHECK("dns_name_fromtext", result); dns_fixedname_init(&ownername); - isc_buffer_init(&namestr, ownername_str, strlen(ownername_str)); + isc_buffer_constinit(&namestr, ownername_str, strlen(ownername_str)); isc_buffer_add(&namestr, strlen(ownername_str)); result = dns_name_fromtext(dns_fixedname_name(&ownername), &namestr, NULL, 0, NULL); diff --git a/bin/tests/system/unknown/ns1/example-in.db b/bin/tests/system/unknown/ns1/example-in.db index c8485d364c..63ea80deb8 100644 --- a/bin/tests/system/unknown/ns1/example-in.db +++ b/bin/tests/system/unknown/ns1/example-in.db @@ -53,6 +53,8 @@ txt4 CLASS1 TYPE16 "hello" txt5 TXT \# 6 0568656C6C6F txt6 TYPE16 \# 6 0568656C6C6F txt7 IN TXT \# 6 0568656C6C6F +txt8 IN TXT "\#" 2 0145 +txt9 IN TXT \# text unk1 TYPE123 \# 1 00 unk2 CLASS1 TYPE123 \# 1 00 diff --git a/bin/tests/system/unknown/tests.sh b/bin/tests/system/unknown/tests.sh index 14bb8539fd..69d7871521 100644 --- a/bin/tests/system/unknown/tests.sh +++ b/bin/tests/system/unknown/tests.sh 
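Review bot: In keycreate.c the changed call `isc_buffer_constinit(&namestr, "tkeytest.", 9);` and the `isc_buffer_add(&namestr, 9);` that follows keep a hand-counted length next to the literal, so an edit to the key name that misses either 9 leaves the buffer describing more or fewer bytes than the string holds. The second call in the same hunk already uses `strlen(ownername_str)`, and bigkey.c in this commit uses `strlen("example.")`. I would name the literal once, `static const char keyname_str[] = "tkeytest.";`, and pass `sizeof(keyname_str) - 1` to both calls. sendquery starts before the hunk and continues past it.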
@@ -172,5 +172,19 @@ diff large.out dig.out > /dev/null || { ret=1 ; echo "I: diff failed"; } [ $ret = 0 ] || echo "I: failed" status=`expr $status + $ret` +echo "I:check that '"'"\\#"'"' is not treated as the unknown escape sequence" +ret=0 +$DIG $DIGOPTS @10.53.0.1 +tcp +short txt8.example txt > dig.out +echo '"#" "2" "0145"' | diff - dig.out || ret=1 +[ $ret = 0 ] || echo "I: failed" +status=`expr $status + $ret` + +echo "I:check that '"'TXT \# text'"' is not treated as the unknown escape sequence" +ret=0 +$DIG $DIGOPTS @10.53.0.1 +tcp +short txt9.example txt > dig.out +echo '"#" "text"' | diff - dig.out || ret=1 +[ $ret = 0 ] || echo "I: failed" +status=`expr $status + $ret` + echo "I:exit status: $status" exit $status diff --git a/bin/tests/system/upforwd/ans4/ans.pl b/bin/tests/system/upforwd/ans4/ans.pl index af0e89780a..12e67b7c08 100644 --- a/bin/tests/system/upforwd/ans4/ans.pl +++ b/bin/tests/system/upforwd/ans4/ans.pl @@ -98,9 +98,16 @@ $SIG{TERM} = \&rmpid; my @rules; sub handleUDP { my ($buf) = @_; + my $packet; - my ($packet, $err) = new Net::DNS::Packet(\$buf, 0); - $err and die $err; + if ($Net::DNS::VERSION > 0.68) { + $packet = new Net::DNS::Packet(\$buf, 0); + $@ and die $@; + } else { + my $err; + ($packet, $err) = new Net::DNS::Packet(\$buf, 0); + $err and die $err; + } $packet->header->qr(1); $packet->header->aa(1); @@ -243,9 +250,16 @@ sub sign_tcp_continuation { sub handleTCP { my ($buf) = @_; + my $packet; - my ($packet, $err) = new Net::DNS::Packet(\$buf, 0); - $err and die $err; + if ($Net::DNS::VERSION > 0.68) { + $packet = new Net::DNS::Packet(\$buf, 0); + $@ and die $@; + } else { + my $err; + ($packet, $err) = new Net::DNS::Packet(\$buf, 0); + $err and die $err; + } $packet->header->qr(1); $packet->header->aa(1); diff --git a/bin/tests/system/wildcard/clean.sh b/bin/tests/system/wildcard/clean.sh new file mode 100644 index 0000000000..4aa51d6380 --- /dev/null +++ b/bin/tests/system/wildcard/clean.sh 
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.1.2.1 2010/06/01 03:55:01 marka Exp $
+
+rm -f random.data
+rm -f ns*/named.run
+rm -f ns1/K*
+rm -f ns1/*.db
+rm -f ns1/*.signed
+rm -f ns1/dsset-*
+rm -f ns1/trusted.conf
+rm -f ns1/private.nsec.conf
+rm -f ns1/private.nsec3.conf
+rm -f ns1/signer.err
+rm -f */named.memstats
+rm -f dig.out.ns*.test*
diff --git a/bin/tests/system/wildcard/ns1/named.conf b/bin/tests/system/wildcard/ns1/named.conf
new file mode 100644
index 0000000000..8ad4206b6c
--- /dev/null
+++ b/bin/tests/system/wildcard/ns1/named.conf
@@ -0,0 +1,45 @@ +/* + * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named.conf,v 1.1.2.3 2010/06/01 07:04:49 marka Exp $ */ + +controls { /* empty */ }; + +options { + query-source address 10.53.0.1; + notify-source 10.53.0.1; + transfer-source 10.53.0.1; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.1; }; + listen-on-v6 { none; }; + recursion no; + notify yes; + dnssec-enable yes; +}; + +zone "." { type master; file "root.db.signed"; }; + +zone "nsec" { type master; file "nsec.db.signed"; }; +zone "private.nsec" { type master; file "private.nsec.db.signed"; }; + +/* + * The contents of nsec3 and private.nsec3 are specially choosen to + * have seperate NSEC3 records for the "no qname proof" and the + * "closest encloser proof". + */ +zone "nsec3" { type master; file "nsec3.db.signed"; }; +zone "private.nsec3" { type master; file "private.nsec3.db.signed"; }; diff --git a/bin/tests/system/wildcard/ns1/nsec.db.in b/bin/tests/system/wildcard/ns1/nsec.db.in new file mode 100644 index 0000000000..8e05431f70 --- /dev/null +++ b/bin/tests/system/wildcard/ns1/nsec.db.in 
@@ -0,0 +1,22 @@ +; Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id$ + +$TTL 120 +@ SOA a.root-servers.nil. hostmaster.root-servers.nil. 1 1800 900 604800 86400 +@ NS a.root-servers.nil. +private NS a.root-servers.nil. +*.wild CNAME a. +a.wild A 1.2.3.5 diff --git a/bin/tests/system/wildcard/ns1/nsec3.db.in b/bin/tests/system/wildcard/ns1/nsec3.db.in new file mode 100644 index 0000000000..8e05431f70 --- /dev/null +++ b/bin/tests/system/wildcard/ns1/nsec3.db.in 
@@ -0,0 +1,22 @@ +; Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id$ + +$TTL 120 +@ SOA a.root-servers.nil. hostmaster.root-servers.nil. 1 1800 900 604800 86400 +@ NS a.root-servers.nil. +private NS a.root-servers.nil. +*.wild CNAME a. +a.wild A 1.2.3.5 diff --git a/bin/tests/system/wildcard/ns1/private.nsec.db.in b/bin/tests/system/wildcard/ns1/private.nsec.db.in new file mode 100644 index 0000000000..063dc63e59 --- /dev/null +++ b/bin/tests/system/wildcard/ns1/private.nsec.db.in 
@@ -0,0 +1,21 @@ +; Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id$ + +$TTL 120 +@ SOA a.root-servers.nil. hostmaster.root-servers.nil. 1 1800 900 604800 86400 +@ NS a.root-servers.nil. +*.wild CNAME a. +a.wild A 1.2.3.5 diff --git a/bin/tests/system/wildcard/ns1/private.nsec3.db.in b/bin/tests/system/wildcard/ns1/private.nsec3.db.in new file mode 100644 index 0000000000..02d0da93bd --- /dev/null +++ b/bin/tests/system/wildcard/ns1/private.nsec3.db.in 
@@ -0,0 +1,22 @@ +; Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id$ + +$TTL 120 +@ SOA a.root-servers.nil. hostmaster.root-servers.nil. 1 1800 900 604800 86400 +@ NS a.root-servers.nil. +b A 1.2.3.4 +*.wild CNAME a. +a.wild A 1.2.3.5 diff --git a/bin/tests/system/wildcard/ns1/root.db.in b/bin/tests/system/wildcard/ns1/root.db.in new file mode 100644 index 0000000000..54cf2d2e0a --- /dev/null +++ b/bin/tests/system/wildcard/ns1/root.db.in 
@@ -0,0 +1,22 @@ +; Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id$ + +$TTL 120 +@ SOA a.root-servers.nil hostmaster.root-servers.nil 1 1800 900 604800 86400 +@ NS a.root-servers.nil +a.root-servers.nil A 10.53.0.1 +nsec NS a.root-servers.nil +nsec3 NS a.root-servers.nil diff --git a/bin/tests/system/wildcard/ns1/sign.sh b/bin/tests/system/wildcard/ns1/sign.sh new file mode 100755 index 0000000000..35269928ab --- /dev/null +++ b/bin/tests/system/wildcard/ns1/sign.sh 
@@ -0,0 +1,120 @@ +#!/bin/sh +# +# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: sign.sh,v 1.1.2.2 2010/06/01 06:38:47 marka Exp $ + +SYSTEMTESTTOP=../.. +. $SYSTEMTESTTOP/conf.sh + +RANDFILE=../random.data +dssets= + +zone=nsec. +infile=nsec.db.in +zonefile=nsec.db +outfile=nsec.db.signed +dssets="$dssets dsset-$zone" + +keyname1=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key > $zonefile + +$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo "I: signed $zone" + +zone=private.nsec. 
+infile=private.nsec.db.in +zonefile=private.nsec.db +outfile=private.nsec.db.signed + +keyname1=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key > $zonefile + +$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo "I: signed $zone" + +grep -v '^;' $keyname2.key | $PERL -n -e ' +local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; +local $key = join("", @rest); +print < private.nsec.conf + +zone=nsec3. +infile=nsec3.db.in +zonefile=nsec3.db +outfile=nsec3.db.signed +dssets="$dssets dsset-$zone" + +keyname1=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key > $zonefile + +$SIGNER -r $RANDFILE -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo "I: signed $zone" + +zone=private.nsec3. +infile=private.nsec3.db.in +zonefile=private.nsec3.db +outfile=private.nsec3.db.signed + +keyname1=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key > $zonefile + +$SIGNER -r $RANDFILE -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo "I: signed $zone" + +grep -v '^;' $keyname2.key | $PERL -n -e ' +local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; +local $key = join("", @rest); +print < private.nsec3.conf + +zone=. 
+infile=root.db.in +zonefile=root.db +outfile=root.db.signed + +keyname1=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null` + +cat $infile $keyname1.key $keyname2.key $dssets >$zonefile + +$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err +echo "I: signed $zone" + +grep -v '^;' $keyname2.key | $PERL -n -e ' +local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; +local $key = join("", @rest); +print < trusted.conf diff --git a/bin/tests/system/wildcard/ns2/hints b/bin/tests/system/wildcard/ns2/hints new file mode 100644 index 0000000000..fed19b972d --- /dev/null +++ b/bin/tests/system/wildcard/ns2/hints @@ -0,0 +1,18 @@ +; Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +; $Id: hints,v 1.1.2.1 2010/06/01 03:55:02 marka Exp $ + +. 0 NS ns.root-servers.nil. +ns.root-servers.nil. 0 A 10.53.0.1 diff --git a/bin/tests/system/wildcard/ns2/named.conf b/bin/tests/system/wildcard/ns2/named.conf new file mode 100644 index 0000000000..54d92197ee --- /dev/null +++ b/bin/tests/system/wildcard/ns2/named.conf 
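Review bot: Each `$SIGNER ... > /dev/null 2> signer.err || cat signer.err` line in sign.sh turns a signing failure into success, because `cat` returns 0. Even under the `sh -e` that setup.sh uses, the script then carries on, prints `I: signed $zone`, and the tests run against a missing or stale `*.signed` file and trust anchors that no longer match what was signed. I would make the failure explicit on all five signer invocations: `... 2> signer.err || { cat signer.err; exit 1; }`. The `$KEYGEN` calls also send stderr to /dev/null, so a key-generation failure aborts the script with no diagnostic; redirecting to a file that is printed on failure would keep the reason visible.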
@@ -0,0 +1,33 @@ +/* + * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named.conf,v 1.1.2.1 2010/06/01 03:55:02 marka Exp $ */ + +controls { /* empty */ }; + +options { + query-source address 10.53.0.2; + notify-source 10.53.0.2; + transfer-source 10.53.0.2; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.2; }; + listen-on-v6 { none; }; + recursion yes; + notify yes; +}; + +zone "." { type hint; file "hints"; }; diff --git a/bin/tests/system/wildcard/ns3/hints b/bin/tests/system/wildcard/ns3/hints new file mode 100644 index 0000000000..fed19b972d --- /dev/null +++ b/bin/tests/system/wildcard/ns3/hints 
@@ -0,0 +1,18 @@
+; Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: hints,v 1.1.2.1 2010/06/01 03:55:02 marka Exp $
+
+. 0 NS ns.root-servers.nil.
+ns.root-servers.nil. 0 A 10.53.0.1
diff --git a/bin/tests/system/wildcard/ns3/named.conf b/bin/tests/system/wildcard/ns3/named.conf
new file mode 100644
index 0000000000..fe996c3515
--- /dev/null
+++ b/bin/tests/system/wildcard/ns3/named.conf
@@ -0,0 +1,35 @@ +/* + * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named.conf,v 1.1.2.1 2010/06/01 03:55:02 marka Exp $ */ + +controls { /* empty */ }; + +options { + query-source address 10.53.0.3; + notify-source 10.53.0.3; + transfer-source 10.53.0.3; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.3; }; + listen-on-v6 { none; }; + recursion yes; + notify yes; +}; + +include "../ns1/trusted.conf"; + +zone "." { type hint; file "hints"; }; diff --git a/bin/tests/system/wildcard/ns4/named.conf b/bin/tests/system/wildcard/ns4/named.conf new file mode 100644 index 0000000000..d1174a8662 --- /dev/null +++ b/bin/tests/system/wildcard/ns4/named.conf 
@@ -0,0 +1,37 @@ +/* + * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: named.conf,v 1.1.2.1 2010/06/01 03:55:02 marka Exp $ */ + +controls { /* empty */ }; + +options { + query-source address 10.53.0.4; + notify-source 10.53.0.4; + transfer-source 10.53.0.4; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.4; }; + listen-on-v6 { none; }; + recursion yes; + notify yes; + forward only; + forwarders { 10.53.0.2; }; +}; + +include "../ns1/trusted.conf"; +include "../ns1/private.nsec.conf"; +include "../ns1/private.nsec3.conf"; diff --git a/bin/tests/system/wildcard/setup.sh b/bin/tests/system/wildcard/setup.sh new file mode 100644 index 0000000000..fb4816df46 --- /dev/null +++ b/bin/tests/system/wildcard/setup.sh 
@@ -0,0 +1,21 @@ +#!/bin/sh +# +# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: setup.sh,v 1.1.2.1 2010/06/01 03:55:01 marka Exp $ + +../../../tools/genrandom 400 random.data + +(cd ns1 && sh -e sign.sh) diff --git a/bin/tests/system/wildcard/tests.sh b/bin/tests/system/wildcard/tests.sh new file mode 100644 index 0000000000..8dc97720c7 --- /dev/null +++ b/bin/tests/system/wildcard/tests.sh 
@@ -0,0 +1,136 @@ +#!/bin/sh +# +# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: tests.sh,v 1.1.2.3 2010/06/01 06:57:31 marka Exp $ + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +status=0 +n=0 + +rm -f dig.out.* + +DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300" + +n=`expr $n + 1` +echo "I: checking that NSEC wildcard non-existance proof is returned auth ($n)" +ret=0 +$DIG $DIGOPTS a b.wild.nsec +norec @10.53.0.1 > dig.out.ns1.test$n || ret=1 +grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns1.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I: checking that NSEC wildcard non-existance proof is returned non-validating ($n)" +ret=0 +$DIG $DIGOPTS a b.wild.nsec @10.53.0.2 > dig.out.ns2.test$n || ret=1 +grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns2.test$n > /dev/null || ret=1 +grep -i 'flags:.* ad[ ;]' dig.out.ns2.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I: checking that NSEC wildcard non-existance proof is returned validating ($n)" +ret=0 +$DIG $DIGOPTS a b.wild.nsec @10.53.0.3 > dig.out.ns3.test$n || ret=1 +grep -i 
'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns3.test$n > /dev/null || ret=1 +grep -i 'flags:.* ad[ ;]' dig.out.ns3.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I: checking that returned NSEC wildcard non-existance proof validates ($n)" +ret=0 +$DIG $DIGOPTS a b.wild.nsec @10.53.0.4 > dig.out.ns4.test$n || ret=1 +grep -i 'a\.wild\.nsec\..*NSEC.*nsec\..*NSEC' dig.out.ns4.test$n > /dev/null || ret=1 +grep -i 'flags:.* ad[ ;]' dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I: checking that NSEC wildcard non-existance proof is returned private, validating ($n)" +ret=0 +$DIG $DIGOPTS a b.wild.private.nsec @10.53.0.3 > dig.out.ns3.test$n || ret=1 +grep -i 'a\.wild\.private\.nsec\..*NSEC.*private\.nsec\..*NSEC' dig.out.ns3.test$n > /dev/null || ret=1 +grep -i 'flags:.* ad[ ;]' dig.out.ns3.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I: checking that returned NSEC wildcard non-existance proof for private zone validates ($n)" +ret=0 +$DIG $DIGOPTS a b.wild.private.nsec @10.53.0.4 > dig.out.ns4.test$n || ret=1 +grep -i 'a\.wild\.private\.nsec\..*NSEC.*private\.nsec\..*NSEC' dig.out.ns4.test$n > /dev/null || ret=1 +grep -i 'flags:.* ad[ ;]' dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I: checking that NSEC3 wildcard non-existance proof is returned auth ($n)" +ret=0 +$DIG $DIGOPTS a b.wild.nsec3 +norec @10.53.0.1 > dig.out.ns1.test$n || ret=1 +grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns1.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I: checking that NSEC3 wildcard non-existance proof is returned 
non-validating ($n)" +ret=0 +$DIG $DIGOPTS a b.wild.nsec3 @10.53.0.2 > dig.out.ns2.test$n || ret=1 +grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns2.test$n > /dev/null || ret=1 +grep -i 'flags:.* ad[ ;]' dig.out.ns2.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I: checking that NSEC3 wildcard non-existance proof is returned validating ($n)" +ret=0 +$DIG $DIGOPTS a b.wild.nsec3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 +grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns3.test$n > /dev/null || ret=1 +grep -i 'flags:.* ad[ ;]' dig.out.ns3.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I: checking that returned NSEC3 wildcard non-existance proof validates ($n)" +ret=0 +$DIG $DIGOPTS a b.wild.nsec3 @10.53.0.4 > dig.out.ns4.test$n || ret=1 +grep -i 'O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\..*V5DLFB6UJNHR94LQ61FO607KGK12H88A' dig.out.ns4.test$n > /dev/null || ret=1 +grep -i 'flags:.* ad[ ;]' dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I: checking that NSEC3 wildcard non-existance proof is returned private, validating ($n)" +ret=0 +$DIG $DIGOPTS a b.wild.private.nsec3 @10.53.0.3 > dig.out.ns3.test$n || ret=1 +grep -i 'UDBSP4R8OUOT6HSO39VD8B5LMOSHRD5N\.private\.nsec3\..*NSEC3.*ASDRUIB7GO00OR92S5OUGI404LT27RNU' dig.out.ns3.test$n > /dev/null || ret=1 +grep -i 'flags:.* ad[ ;]' dig.out.ns3.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +n=`expr $n + 1` +echo "I: checking that returned NSEC3 wildcard non-existance proof for private zone validates ($n)" +ret=0 +$DIG $DIGOPTS a b.wild.private.nsec3 @10.53.0.4 > dig.out.ns4.test$n || ret=1 +grep -i 
'UDBSP4R8OUOT6HSO39VD8B5LMOSHRD5N\.private\.nsec3\..*NSEC3.*ASDRUIB7GO00OR92S5OUGI404LT27RNU' dig.out.ns4.test$n > /dev/null || ret=1 +grep -i 'flags:.* ad[ ;]' dig.out.ns4.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:exit status: $status" +exit $status diff --git a/bin/tests/zone_test.c b/bin/tests/zone_test.c index 124d0f5206..714a699680 100644 --- a/bin/tests/zone_test.c +++ b/bin/tests/zone_test.c @@ -100,7 +100,7 @@ setup(const char *zonename, const char *filename, const char *classname) { dns_zone_settype(zone, zonetype); - isc_buffer_init(&buffer, zonename, strlen(zonename)); + isc_buffer_constinit(&buffer, zonename, strlen(zonename)); isc_buffer_add(&buffer, strlen(zonename)); dns_fixedname_init(&fixorigin); result = dns_name_fromtext(dns_fixedname_name(&fixorigin), diff --git a/config.h.in b/config.h.in index 6b636cdf3d..a6ddcb1ed5 100644 --- a/config.h.in +++ b/config.h.in @@ -283,6 +283,9 @@ int sigwait(const unsigned int *set, int *sig); /* Define to 1 if you have the header file. */ #undef HAVE_NET_IF6_H +/* Define if your OpenSSL version supports ECDSA. */ +#undef HAVE_OPENSSL_ECDSA + /* Define if your OpenSSL version supports GOST. */ #undef HAVE_OPENSSL_GOST diff --git a/config.h.win32 b/config.h.win32 index fc961fa6c0..abcaddbe6e 100644 --- a/config.h.win32 +++ b/config.h.win32 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2006-2009, 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -278,3 +278,6 @@ typedef long off_t; /* Define to enable rpz-nsip rules. */ #define ENABLE_RPZ_NSIP + +/* Get SRCID */ +#include "srcid.h" diff --git a/config.threads.in b/config.threads.in index 3094ab087c..3f1c936fd5 100644 --- a/config.threads.in +++ b/config.threads.in 
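Review bot: The NSEC3 checks in tests.sh grep for hard-coded hashed owner names such as `O3TJ8D9AJ54CBTFCQCJ3QK49CH7SF6H9\.nsec3\.` with nothing to say where they come from. These hashes presumably depend on the salt and iteration count chosen when ns1 signs the zones (sign.sh is not shown here), so a change there would make every NSEC3 case fail without an obvious cause. A comment above the first NSEC3 test would record the coupling, for example `# NSEC3 owner hashes below are tied to the salt/iterations used by ns1/sign.sh; regenerate them if those change`. The echo messages also spell "non-existance" where "non-existence" is meant.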
@@ -69,7 +69,7 @@ case $host in esac AC_ARG_ENABLE(threads, - [ --enable-threads enable multithreading]) + [ --enable-threads enable multithreading]) case "$enable_threads" in yes) use_threads=true diff --git a/configure b/configure index a297b3089c..8f16553f51 100755 --- a/configure +++ b/configure @@ -1451,6 +1451,7 @@ enable_epoll enable_devpoll with_openssl enable_openssl_version_check +with_ecdsa with_gost enable_openssl_hash with_pkcs11 @@ -2121,7 +2122,7 @@ Optional Features: optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) --enable-libbind deprecated - --enable-developer enable developer build settings + --enable-developer enable developer build settings --enable-newstats use the new statistics --enable-kqueue use BSD kqueue when available [default=yes] --enable-epoll use Linux epoll when available [default=auto] @@ -2129,13 +2130,13 @@ Optional Features: --enable-openssl-version-check Check OpenSSL Version [default=yes] --enable-openssl-hash use OpenSSL for hash functions [default=no] - --enable-threads enable multithreading + --enable-threads enable multithreading --enable-largefile 64-bit file support --enable-backtrace log stack backtrace on abort [default=yes] --enable-symtable use internal symbol table for backtrace [all|minimal(default)|none] - --enable-exportlib build exportable library (GNU make required) - [default=no] + --enable-exportlib build exportable library (GNU make required) + [default=no] --enable-ipv6 use IPv6 default=autodetect --enable-getifaddrs Enable the use of getifaddrs() [yes|no]. --disable-isc-spnego use SPNEGO from GSSAPI library 
@@ -2158,10 +2159,11 @@ Optional Packages: --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-sysroot=DIR Search for dependent libraries within DIR (or the compiler's sysroot if not specified). - --with-python=PATH Specify path to python interpreter + --with-python=PATH Specify path to python interpreter --with-openssl=PATH Build with OpenSSL yes|no|path. (Required for DNSSEC) - + --with-ecdsa OpenSSL ECDSA + --with-gost OpenSSL GOST --with-pkcs11=PATH Build with PKCS11 support yes|no|path (PATH is for the PKCS11 provider) --with-gssapi=PATH Specify path for system-supplied GSSAPI [default=yes] @@ -2170,19 +2172,20 @@ Optional Packages: --with-purify=PATH use Rational purify --with-libtool use GNU libtool --with-export-libdir=PATH - installation directory for the export library - [EPREFIX/lib/bind9] + installation directory for the export library + [EPREFIX/lib/bind9] --with-export-includedir=PATH - installation directory for the header files of the - export library [PREFIX/include/bind9] + installation directory for the header files of the + export library [PREFIX/include/bind9] --with-kame=PATH use Kame IPv6 default path /usr/local/v6 --with-readline=LIBSPEC specify readline library default -lreadline + --with-docbook-xsl=PATH Specify path for Docbook-XSL stylesheets --with-idn=MPREFIX enable IDN support using idnkit default PREFIX --with-libiconv=IPREFIX GNU libiconv are in IPREFIX default PREFIX --with-iconv=LIBSPEC specify iconv library default -liconv --with-idnlib=ARG specify libidnkit - --with-atf=ARG Automated Test Framework support + --with-atf=ARG Automated Test Framework support --with-dlopen=ARG Support dynamically loadable DLZ drivers --with-dlz-postgres=PATH Build with Postgres DLZ driver yes|no|path. (Required to use Postgres with DLZ) 
@@ -13584,10 +13587,9 @@ auto) { $as_echo "$as_me:${as_lineno-$LINENO}: checking epoll support" >&5 $as_echo_n "checking epoll support... " >&6; } if test "$cross_compiling" = yes; then : - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot run test program while cross compiling -See \`config.log' for more details" "$LINENO" 5; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL" else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -14184,20 +14186,20 @@ $as_echo "Skipped OpenSSL version check" >&6; } ;; esac - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL DSA support" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL DSA support" >&5 $as_echo_n "checking for OpenSSL DSA support... " >&6; } - if test -f $use_openssl/include/openssl/dsa.h - then - $as_echo "#define HAVE_OPENSSL_DSA 1" >>confdefs.h + if test -f $use_openssl/include/openssl/dsa.h + then + $as_echo "#define HAVE_OPENSSL_DSA 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - fi + fi - for ac_func in EVP_sha256 EVP_sha384 EVP_sha512 + for ac_func in EVP_sha256 EVP_sha384 EVP_sha512 do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" 
@@ -14210,14 +14212,12 @@ fi done - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ECDSA support" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ECDSA support" >&5 $as_echo_n "checking for OpenSSL ECDSA support... " >&6; } - have_ecdsa="" - if test "$cross_compiling" = yes; then : - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot run test program while cross compiling -See \`config.log' for more details" "$LINENO" 5; } + have_ecdsa="" + if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: using --with-ecdsa" >&5 +$as_echo "using --with-ecdsa" >&6; } else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ 
@@ -14242,30 +14242,55 @@ _ACEOF if ac_fn_c_try_run "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - have_ecdsa="yes" + have_ecdsa="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - have_ecdsa="no" + have_ecdsa="no" fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi - case $have_ecdsa in - yes) - OPENSSL_ECDSA="yes" - $as_echo "#define HAVE_OPENSSL_ECDSA 1" >>confdefs.h - ;; - *) - ;; - esac +# Check whether --with-ecdsa was given. +if test "${with_ecdsa+set}" = set; then : + withval=$with_ecdsa; with_ecdsa="$withval" +else + with_ecdsa="auto" +fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL GOST support" >&5 + case "$with_ecdsa" in + yes) + case "$have_ecdsa" in + no) as_fn_error $? "ecdsa not supported" "$LINENO" 5 ;; + *) have_ecdsa=yes ;; + esac + ;; + no) + have_ecdsa=no ;; + *) + case "$have_ecdsa" in + yes|no) ;; + *) as_fn_error $? "need --with-ecdsa=[yes or no]" "$LINENO" 5 ;; + esac + ;; + esac + case $have_ecdsa in + yes) + OPENSSL_ECDSA="yes" + +$as_echo "#define HAVE_OPENSSL_ECDSA 1" >>confdefs.h + + ;; + *) + ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL GOST support" >&5 $as_echo_n "checking for OpenSSL GOST support... " >&6; } - have_gost="" - if test "$cross_compiling" = yes; then : + have_gost="" + if test "$cross_compiling" = yes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: using --with-gost" >&5 $as_echo "using --with-gost" >&6; } else 
@@ -14297,11 +14322,11 @@ _ACEOF if ac_fn_c_try_run "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - have_gost="yes" + have_gost="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - have_gost="no" + have_gost="no" fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -14315,38 +14340,38 @@ else with_gost="auto" fi - case "$with_gost" in - yes) - case "$have_gost" in - no) as_fn_error $? "gost not supported" "$LINENO" 5 ;; - *) have_gost=yes ;; - esac - ;; - no) - have_gost=no ;; - *) - case "$have_gost" in - yes|no) ;; - *) as_fn_error $? "need --with-gost=[yes or no]" "$LINENO" 5 ;; - esac - ;; - esac - case $have_gost in - yes) - OPENSSL_GOST="yes" + case "$with_gost" in + yes) + case "$have_gost" in + no) as_fn_error $? "gost not supported" "$LINENO" 5 ;; + *) have_gost=yes ;; + esac + ;; + no) + have_gost=no ;; + *) + case "$have_gost" in + yes|no) ;; + *) as_fn_error $? "need --with-gost=[yes or no]" "$LINENO" 5 ;; + esac + ;; + esac + case $have_gost in + yes) + OPENSSL_GOST="yes" $as_echo "#define HAVE_OPENSSL_GOST 1" >>confdefs.h - ;; - *) - ;; - esac - CFLAGS="$saved_cflags" - LIBS="$saved_libs" - OPENSSLLINKOBJS='${OPENSSLLINKOBJS}' - OPENSSLLINKSRCS='${OPENSSLLINKSRCS}' + ;; + *) + ;; + esac + CFLAGS="$saved_cflags" + LIBS="$saved_libs" + OPENSSLLINKOBJS='${OPENSSLLINKOBJS}' + OPENSSLLINKSRCS='${OPENSSLLINKSRCS}' - ;; + ;; esac # @@ -14708,6 +14733,12 @@ fi case "$use_randomdev" in unspec) + case "$cross_compiling" in + yes) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unspecified" >&5 +$as_echo "unspecified" >&6; } + as_fn_error $? " need --with-randomdev=PATH or --with-randomdev=no" "$LINENO" 5 + esac case "$host" in *-openbsd*) devrandom=/dev/arandom @@ -14742,6 +14773,7 @@ _ACEOF fi + ;; yes) as_fn_error $? "--with-randomdev must specify a path" "$LINENO" 5 
@@ -15678,7 +15710,7 @@ case "$use_libxml2" in ;; auto|yes) case X`(xml2-config --version) 2>/dev/null` in - X2.[678].*) + X2.[6789].*) libxml2_libs=`xml2-config --libs` libxml2_cflags=`xml2-config --cflags` ;; @@ -18995,7 +19027,7 @@ case "$docbook_path" in auto) { $as_echo "$as_me:${as_lineno-$LINENO}: result: auto" >&5 $as_echo "auto" >&6; } - docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook /usr/share/xsl/docbook /opt/local/share/xsl/docbook-xsl/" + docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook /usr/share/xsl/docbook /opt/local/share/xsl/docbook-xsl" ;; *) docbook_xsl_trees="$withval" diff --git a/configure.in b/configure.in index 2926f55250..f13f5c1f46 100644 --- a/configure.in +++ b/configure.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2003 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -63,7 +63,7 @@ It is available from http://www.isc.org as a separate download.]) ;; esac -AC_ARG_ENABLE(developer, [ --enable-developer enable developer build settings]) +AC_ARG_ENABLE(developer, [ --enable-developer enable developer build settings]) case "$enable_developer" in yes) test "${enable_fixed_rrset+set}" = set || enable_fixed_rrset=yes @@ -142,7 +142,7 @@ AC_SUBST(PERL) # If python is unavailable, we simply don't build those. # AC_ARG_WITH(python, -[ --with-python=PATH Specify path to python interpreter], +[ --with-python=PATH Specify path to python interpreter], use_python="$withval", use_python="unspec") case "$use_python" in @@ -522,6 +522,8 @@ int main() { [AC_MSG_RESULT(yes) ISC_PLATFORM_HAVEEPOLL="#define ISC_PLATFORM_HAVEEPOLL 1"], [AC_MSG_RESULT(no) + ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL"], + [AC_MSG_RESULT(no) ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL"]) ;; yes) 
@@ -768,20 +770,20 @@ no) ;; esac - AC_MSG_CHECKING(for OpenSSL DSA support) - if test -f $use_openssl/include/openssl/dsa.h - then - AC_DEFINE(HAVE_OPENSSL_DSA) - AC_MSG_RESULT(yes) - else - AC_MSG_RESULT(no) - fi + AC_MSG_CHECKING(for OpenSSL DSA support) + if test -f $use_openssl/include/openssl/dsa.h + then + AC_DEFINE(HAVE_OPENSSL_DSA) + AC_MSG_RESULT(yes) + else + AC_MSG_RESULT(no) + fi - AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512) + AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512) - AC_MSG_CHECKING(for OpenSSL ECDSA support) - have_ecdsa="" - AC_TRY_RUN([ + AC_MSG_CHECKING(for OpenSSL ECDSA support) + have_ecdsa="" + AC_TRY_RUN([ #include #include #include @@ -798,22 +800,42 @@ int main() { return (0); } ], - [AC_MSG_RESULT(yes) - have_ecdsa="yes"], - [AC_MSG_RESULT(no) - have_ecdsa="no"]) - case $have_ecdsa in - yes) - OPENSSL_ECDSA="yes" - AC_DEFINE(HAVE_OPENSSL_ECDSA) - ;; - *) - ;; - esac + [AC_MSG_RESULT(yes) + have_ecdsa="yes"], + [AC_MSG_RESULT(no) + have_ecdsa="no"], + [AC_MSG_RESULT(using --with-ecdsa)]) + AC_ARG_WITH(ecdsa, [ --with-ecdsa OpenSSL ECDSA], + with_ecdsa="$withval", with_ecdsa="auto") + case "$with_ecdsa" in + yes) + case "$have_ecdsa" in + no) AC_MSG_ERROR([ecdsa not supported]) ;; + *) have_ecdsa=yes ;; + esac + ;; + no) + have_ecdsa=no ;; + *) + case "$have_ecdsa" in + yes|no) ;; + *) AC_MSG_ERROR([need --with-ecdsa=[[yes or no]]]) ;; + esac + ;; + esac + case $have_ecdsa in + yes) + OPENSSL_ECDSA="yes" + AC_DEFINE(HAVE_OPENSSL_ECDSA, 1, + [Define if your OpenSSL version supports ECDSA.]) + ;; + *) + ;; + esac - AC_MSG_CHECKING(for OpenSSL GOST support) - have_gost="" - AC_TRY_RUN([ + AC_MSG_CHECKING(for OpenSSL GOST support) + have_gost="" + AC_TRY_RUN([ #include #include int main() { 
@@ -835,43 +857,44 @@ int main() { #endif } ], - [AC_MSG_RESULT(yes) - have_gost="yes"], - [AC_MSG_RESULT(no) - have_gost="no"], - [AC_MSG_RESULT(using --with-gost)]) - AC_ARG_WITH(gost, , with_gost="$withval", with_gost="auto") - case "$with_gost" in - yes) - case "$have_gost" in - no) AC_MSG_ERROR([gost not supported]) ;; - *) have_gost=yes ;; - esac - ;; - no) - have_gost=no ;; - *) - case "$have_gost" in - yes|no) ;; - *) AC_MSG_ERROR([need --with-gost=[[yes or no]]]) ;; - esac - ;; - esac - case $have_gost in - yes) - OPENSSL_GOST="yes" - AC_DEFINE(HAVE_OPENSSL_GOST, 1, - [Define if your OpenSSL version supports GOST.]) - ;; - *) - ;; - esac - CFLAGS="$saved_cflags" - LIBS="$saved_libs" - OPENSSLLINKOBJS='${OPENSSLLINKOBJS}' - OPENSSLLINKSRCS='${OPENSSLLINKSRCS}' + [AC_MSG_RESULT(yes) + have_gost="yes"], + [AC_MSG_RESULT(no) + have_gost="no"], + [AC_MSG_RESULT(using --with-gost)]) + AC_ARG_WITH(gost, [ --with-gost OpenSSL GOST], + with_gost="$withval", with_gost="auto") + case "$with_gost" in + yes) + case "$have_gost" in + no) AC_MSG_ERROR([gost not supported]) ;; + *) have_gost=yes ;; + esac + ;; + no) + have_gost=no ;; + *) + case "$have_gost" in + yes|no) ;; + *) AC_MSG_ERROR([need --with-gost=[[yes or no]]]) ;; + esac + ;; + esac + case $have_gost in + yes) + OPENSSL_GOST="yes" + AC_DEFINE(HAVE_OPENSSL_GOST, 1, + [Define if your OpenSSL version supports GOST.]) + ;; + *) + ;; + esac + CFLAGS="$saved_cflags" + LIBS="$saved_libs" + OPENSSLLINKOBJS='${OPENSSLLINKOBJS}' + OPENSSLLINKSRCS='${OPENSSLLINKSRCS}' - ;; + ;; esac # @@ -1152,6 +1175,11 @@ AC_ARG_WITH(randomdev, case "$use_randomdev" in unspec) + case "$cross_compiling" in + yes) + AC_MSG_RESULT(unspecified) + AC_MSG_ERROR([ need --with-randomdev=PATH or --with-randomdev=no]) + esac case "$host" in *-openbsd*) devrandom=/dev/arandom 
@@ -1164,6 +1192,7 @@ case "$use_randomdev" in AC_CHECK_FILE($devrandom, AC_DEFINE_UNQUOTED(PATH_RANDOMDEV, "$devrandom"),) + ;; yes) AC_MSG_ERROR([--with-randomdev must specify a path]) @@ -1335,7 +1364,7 @@ case "$use_libxml2" in ;; auto|yes) case X`(xml2-config --version) 2>/dev/null` in - X2.[[678]].*) + X2.[[6789]].*) libxml2_libs=`xml2-config --libs` libxml2_cflags=`xml2-config --cflags` ;; @@ -1672,8 +1701,8 @@ AC_SUBST(LIBTOOL_IN_MAIN) # build exportable DNS library? # AC_ARG_ENABLE(exportlib, - [ --enable-exportlib build exportable library (GNU make required) - [[default=no]]]) + [ --enable-exportlib build exportable library (GNU make required) + [[default=no]]]) case "$enable_exportlib" in yes) gmake= @@ -1698,8 +1727,8 @@ AC_SUBST(BIND9_CO_RULE) AC_ARG_WITH(export-libdir, [ --with-export-libdir[=PATH] - installation directory for the export library - [[EPREFIX/lib/bind9]]], + installation directory for the export library + [[EPREFIX/lib/bind9]]], export_libdir="$withval",) if test -z "$export_libdir"; then export_libdir="\${exec_prefix}/lib/bind9/" @@ -1708,8 +1737,8 @@ AC_SUBST(export_libdir) AC_ARG_WITH(export-includedir, [ --with-export-includedir[=PATH] - installation directory for the header files of the - export library [[PREFIX/include/bind9]]], + installation directory for the header files of the + export library [[PREFIX/include/bind9]]], export_includedir="$withval",) if test -z "$export_includedir"; then export_includedir="\${prefix}/include/bind9/" @@ -3094,7 +3123,7 @@ AC_ARG_WITH(docbook-xsl, case "$docbook_path" in auto) AC_MSG_RESULT(auto) - docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook /usr/share/xsl/docbook /opt/local/share/xsl/docbook-xsl/" + docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook /usr/share/xsl/docbook /opt/local/share/xsl/docbook-xsl" ;; *) docbook_xsl_trees="$withval" 
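Review bot: The widened pattern `X2.[[6789]].*` in the libxml2 check still matches only a single-digit minor version, so a libxml2 release with a two-digit minor falls through to whatever the next case arm does (outside this hunk). Accepting the range explicitly avoids another edit at the next bump, e.g. `X2.[[6-9]].*|X2.[[1-9]][[0-9]].*)`. The same pattern is repeated in the generated configure script.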
@@ -3230,7 +3259,7 @@ AC_SUBST(IDNLIBS) # Check whether to build Automated Test Framework unit tests # AC_ARG_WITH(atf, - [ --with-atf=ARG Automated Test Framework support], + [ --with-atf=ARG Automated Test Framework support], atf="$withval", atf="no") if test "$atf" = yes; then atf=`pwd`/unit/atf diff --git a/contrib/dlz/drivers/dlz_filesystem_driver.c b/contrib/dlz/drivers/dlz_filesystem_driver.c index 8bafa1ce89..3a03798877 100644 --- a/contrib/dlz/drivers/dlz_filesystem_driver.c +++ b/contrib/dlz/drivers/dlz_filesystem_driver.c @@ -108,8 +108,7 @@ fs_destroy(void *driverarg, void *dbdata); */ static isc_boolean_t -is_safe(const char *input) -{ +is_safe(const char *input) { unsigned int i; unsigned int len = strlen(input); @@ -119,13 +118,13 @@ is_safe(const char *input) if (input[i] == '.') { /* '.' is not allowed as first char */ if (i == 0) - return ISC_FALSE; + return (ISC_FALSE); /* '..', two dots together is not allowed. */ else if (input[i-1] == '.') - return ISC_FALSE; + return (ISC_FALSE); /* '.' is not allowed as last char */ if (i == len) - return ISC_FALSE; + return (ISC_FALSE); /* only 1 dot in ok location, continue at next char */ continue; } @@ -161,16 +160,14 @@ is_safe(const char *input) * if we reach this point we have encountered a * disallowed char! */ - return ISC_FALSE; + return (ISC_FALSE); } /* everything ok. */ - return ISC_TRUE; + return (ISC_TRUE); } static isc_result_t -create_path_helper(char *out, const char *in, config_data_t *cd) -{ - +create_path_helper(char *out, const char *in, config_data_t *cd) { char *tmpString; char *tmpPtr; int i; @@ -238,6 +235,7 @@ create_path(const char *zone, const char *host, const char *client, int pathsize; int len; isc_result_t result; + isc_boolean_t isroot = ISC_FALSE; /* we require a zone & cd parameter */ REQUIRE(zone != NULL); 
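Review bot: The `if (i == len)` test under the comment "'.' is not allowed as last char" in is_safe() looks unreachable. If the enclosing loop runs while `i < len` (the loop header is outside this hunk, so this is inferred), `i` never equals `len` and a name ending in '.' passes the filter. is_safe() is what create_path() relies on to vet the zone, host and client strings before they become filesystem path components, so the check should do what its comment says: `if (i == len - 1) return (ISC_FALSE);`. The commit only restyles the return statements here, so this is a pre-existing condition, but it sits on lines the change already touches.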
@@ -252,16 +250,20 @@ create_path(const char *zone, const char *host, const char *client, (host != NULL && client == NULL) || (host == NULL && client != NULL) ); + /* special case for root zone */ + if (strcmp(zone, ".") == 0) + isroot = ISC_TRUE; + /* if the requested zone is "unsafe", return error */ - if (is_safe(zone) != ISC_TRUE) + if (!isroot && !is_safe(zone)) return (ISC_R_FAILURE); /* if host was passed, verify that it is safe */ - if ((host != NULL) && (is_safe(host) != ISC_TRUE) ) + if (host != NULL && !is_safe(host)) return (ISC_R_FAILURE); /* if client was passed, verify that it is safe */ - if ((client != NULL) && (is_safe(client) != ISC_TRUE) ) + if (client != NULL && !is_safe(client)) return (ISC_R_FAILURE); /* Determine how much memory the split up string will require */ @@ -302,8 +304,11 @@ create_path(const char *zone, const char *host, const char *client, strcpy(tmpPath, cd->basedir); /* add zone name - parsed properly */ - if ((result = create_path_helper(tmpPath, zone, cd)) != ISC_R_SUCCESS) - goto cleanup_mem; + if (!isroot) { + result = create_path_helper(tmpPath, zone, cd); + if (result != ISC_R_SUCCESS) + goto cleanup_mem; + } /* * When neither client or host is passed we are building a @@ -356,7 +361,7 @@ create_path(const char *zone, const char *host, const char *client, isc_mem_free(ns_g_mctx, tmpPath); /* free tmpPath memory */ - return result; + return (result); } static isc_result_t @@ -525,7 +530,7 @@ process_dir(isc_dir_t *dir, void *passback, config_data_t *cd, "Filesystem driver: " "%s could not be parsed properly", tmp); - return ISC_R_FAILURE; + return (ISC_R_FAILURE); } /* replace separator char with NULL to split string */ @@ -540,7 +545,7 @@ process_dir(isc_dir_t *dir, void *passback, config_data_t *cd, "Filesystem driver: " "%s could not be parsed properly", tmp); - return ISC_R_FAILURE; + return (ISC_R_FAILURE); } /* replace separator char with NULL to split string */ 
@@ -578,10 +583,10 @@ process_dir(isc_dir_t *dir, void *passback, config_data_t *cd, /* if error, return error right away */ if (result != ISC_R_SUCCESS) - return result; + return (result); } /* end of while loop */ - return result; + return (result); } /* @@ -621,7 +626,7 @@ fs_allowzonexfr(void *driverarg, void *dbdata, const char *name, complete_AXFR: isc_mem_free(ns_g_mctx, path); - return result; + return (result); } static isc_result_t @@ -740,7 +745,7 @@ fs_allnodes(const char *zone, void *driverarg, void *dbdata, if (basepath != NULL) isc_mem_free(ns_g_mctx, basepath); - return result; + return (result); } static isc_result_t @@ -779,7 +784,7 @@ fs_findzone(void *driverarg, void *dbdata, const char *name) complete_FZ: isc_mem_free(ns_g_mctx, path); - return result; + return (result); } static isc_result_t @@ -854,7 +859,7 @@ fs_lookup(const char *zone, const char *name, void *driverarg, complete_lkup: isc_mem_free(ns_g_mctx, path); - return result; + return (result); } static isc_result_t @@ -950,7 +955,7 @@ fs_create(const char *dlzname, unsigned int argc, char *argv[], *dbdata = cd; /* return success */ - return(ISC_R_SUCCESS); + return (ISC_R_SUCCESS); /* handle no memory error */ no_mem: @@ -1045,7 +1050,7 @@ dlz_fs_init(void) result = ISC_R_UNEXPECTED; } - return result; + return (result); } /*% diff --git a/contrib/dlz/drivers/sdlz_helper.c b/contrib/dlz/drivers/sdlz_helper.c index 85ad3b1c75..76dee7e36c 100644 --- a/contrib/dlz/drivers/sdlz_helper.c +++ b/contrib/dlz/drivers/sdlz_helper.c @@ -481,7 +481,7 @@ sdlzh_destroy_sqldbinstance(dbinstance_t *dbi) destroy_querylist(mctx, &dbi->lookup_q); /* get rid of the mutex */ - isc_mutex_destroy(&dbi->instance_lock); + (void) isc_mutex_destroy(&dbi->instance_lock); /* return, and detach the memory */ isc_mem_put(mctx, dbi, sizeof(dbinstance_t)); diff --git a/contrib/dlz/example/dlz_example.c b/contrib/dlz/example/dlz_example.c index 66d3545f10..722d2dcd91 100644 --- a/contrib/dlz/example/dlz_example.c 
+++ b/contrib/dlz/example/dlz_example.c @@ -37,6 +37,13 @@ #define STRTOK_R(a, b, c) strtok(a, b) #endif +#define CHECK(x) \ + do { \ + result = (x); \ + if (result != ISC_R_SUCCESS) \ + goto failure; \ + } while (0) + /* For this simple example, use fixed sized strings */ struct record { char name[100]; @@ -104,13 +111,22 @@ add_name(struct dlz_example_data *state, struct record *list, i = first_empty; } if (i == MAX_RECORDS) { - state->log(ISC_LOG_ERROR, "dlz_example: out of record space"); + if (state->log != NULL) + state->log(ISC_LOG_ERROR, + "dlz_example: out of record space"); return (ISC_R_FAILURE); } - strcpy(list[i].name, name); - strcpy(list[i].type, type); - strcpy(list[i].data, data); + + if (strlen(name) >= sizeof(list[i].name) || + strlen(type) >= sizeof(list[i].type) || + strlen(data) >= sizeof(list[i].data)) + return (ISC_R_NOSPACE); + + strncpy(list[i].name, name, sizeof(list[i].name)); + strncpy(list[i].type, type, sizeof(list[i].type)); + strncpy(list[i].data, data, sizeof(list[i].data)); list[i].ttl = ttl; + return (ISC_R_SUCCESS); } @@ -195,7 +211,6 @@ b9_add_helper(struct dlz_example_data *state, state->writeable_zone = (dns_dlz_writeablezone_t *)ptr; } - /* * Called to initialize the driver */ @@ -207,6 +222,9 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], const char *helper_name; va_list ap; char soa_data[200]; + const char *extra; + isc_result_t result; + int n; UNUSED(dlzname); 
@@ -217,20 +235,36 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], /* Fill in the helper functions */ va_start(ap, dbdata); while ((helper_name = va_arg(ap, const char *)) != NULL) { - b9_add_helper(state, helper_name, va_arg(ap, void*)); + b9_add_helper(state, helper_name, va_arg(ap, void *)); } va_end(ap); if (argc < 2) { - state->log(ISC_LOG_ERROR, - "dlz_example: please specify a zone name"); + if (state->log != NULL) + state->log(ISC_LOG_ERROR, + "dlz_example: please specify a zone name"); + dlz_destroy(state); return (ISC_R_FAILURE); } state->zone_name = strdup(argv[1]); + if (state->zone_name == NULL) { + free(state); + return (ISC_R_NOMEMORY); + } - sprintf(soa_data, "%s hostmaster.%s 123 900 600 86400 3600", - state->zone_name, state->zone_name); + if (strcmp(state->zone_name, ".") == 0) + extra = ".root"; + else + extra = "."; + + n = sprintf(soa_data, "%s hostmaster%s%s 123 900 600 86400 3600", + state->zone_name, extra, state->zone_name); + + if (n < 0) + CHECK(ISC_R_FAILURE); + if ((unsigned)n >= sizeof(soa_data)) + CHECK(ISC_R_NOSPACE); add_name(state, &state->current[0], state->zone_name, "soa", 3600, soa_data); @@ -239,12 +273,17 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[], add_name(state, &state->current[0], state->zone_name, "a", 1800, "10.53.0.1"); - state->log(ISC_LOG_INFO, - "dlz_example: started for zone %s", - state->zone_name); + if (state->log != NULL) + state->log(ISC_LOG_INFO, "dlz_example: started for zone %s", + state->zone_name); *dbdata = state; return (ISC_R_SUCCESS); + + failure: + free(state); + return (result); + } /* @@ -254,9 +293,10 @@ void dlz_destroy(void *dbdata) { struct dlz_example_data *state = (struct dlz_example_data *)dbdata; - state->log(ISC_LOG_INFO, - "dlz_example: shutting down zone %s", - state->zone_name); + if (state->log != NULL) + state->log(ISC_LOG_INFO, + "dlz_example: shutting down zone %s", + state->zone_name); free(state->zone_name); free(state); } 
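Review bot: In dlz_create the SOA string is still built with an unbounded `sprintf` into the 200-byte `soa_data`, so the new `(unsigned)n >= sizeof(soa_data)` test runs only after an over-long zone name from `argv[1]` has already been written past the end of the buffer. Bound the write itself with `n = snprintf(soa_data, sizeof(soa_data), "%s hostmaster%s%s 123 900 600 86400 3600", state->zone_name, extra, state->zone_name);`, so that the two checks that follow detect truncation before any damage is done. Separately, the `argc < 2` path now calls `dlz_destroy(state)` before `zone_name` is assigned, so the shutdown message formats that field with `%s` while it is presumably still NULL. dlz_create begins before this hunk and continues past it.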
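Review bot: The new `failure:` label at the end of dlz_create frees `state` but not `state->zone_name`, which `strdup` has already allocated by the time either `CHECK` can jump there, so every error exit leaks the name. Add `free(state->zone_name);` ahead of `free(state);`. The `add_name` calls in this hunk also discard their result even though add_name can now return ISC_R_NOSPACE; wrapping them in `CHECK(...)` would stop a partly populated zone from being logged as started.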
@@ -291,15 +331,19 @@ dlz_lookup(const char *zone, const char *name, void *dbdata, struct dlz_example_data *state = (struct dlz_example_data *)dbdata; isc_boolean_t found = ISC_FALSE; isc_sockaddr_t *src; - char full_name[100]; + char full_name[256]; int i; UNUSED(zone); - if (strcmp(name, "@") == 0) - strcpy(full_name, state->zone_name); - else - sprintf(full_name, "%s.%s", name, state->zone_name); + if (state->putrr == NULL) + return (ISC_R_NOTIMPLEMENTED); + + if (strcmp(name, "@") == 0) { + strncpy(full_name, state->zone_name, 255); + full_name[255] = '\0'; + } else + snprintf(full_name, 255, "%s.%s", name, state->zone_name); if (strcmp(name, "source-addr") == 0) { char buf[100]; @@ -312,7 +356,7 @@ dlz_lookup(const char *zone, const char *name, void *dbdata, fmt_address(src, buf, sizeof(buf)); } - fprintf(stderr, "connection from: %s\n", buf); + fprintf(stderr, "lookup: connection from: %s\n", buf); found = ISC_TRUE; result = state->putrr(lookup, "TXT", 0, buf); @@ -359,6 +403,9 @@ dlz_allnodes(const char *zone, void *dbdata, dns_sdlzallnodes_t *allnodes) { UNUSED(zone); + if (state->putnamedrr == NULL) + return (ISC_R_NOTIMPLEMENTED); + for (i = 0; i < MAX_RECORDS; i++) { isc_result_t result; if (strlen(state->current[i].name) == 0U) { @@ -384,9 +431,10 @@ dlz_newversion(const char *zone, void *dbdata, void **versionp) { struct dlz_example_data *state = (struct dlz_example_data *)dbdata; if (state->transaction_started) { - state->log(ISC_LOG_INFO, - "dlz_example: transaction already " - "started for zone %s", zone); + if (state->log != NULL) + state->log(ISC_LOG_INFO, + "dlz_example: transaction already " + "started for zone %s", zone); return (ISC_R_FAILURE); } 
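Review bot: In dlz_lookup the new `snprintf(full_name, 255, ...)` ignores its return value and hard-codes the length, so a name that does not fit is silently truncated and the lookup carries on with a different name than the one asked for. Use the buffer's own size and reject truncation: `if ((size_t)snprintf(full_name, sizeof(full_name), "%s.%s", name, state->zone_name) >= sizeof(full_name)) return (ISC_R_NOSPACE);`. The `strncpy(..., 255)` branch for `@` truncates the same way and would benefit from a length test before the copy. The function body continues outside this hunk.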
@@ -406,9 +454,9 @@ dlz_closeversion(const char *zone, isc_boolean_t commit, struct dlz_example_data *state = (struct dlz_example_data *)dbdata; if (!state->transaction_started) { - state->log(ISC_LOG_INFO, - "dlz_example: transaction not started for zone %s", - zone); + if (state->log != NULL) + state->log(ISC_LOG_INFO, "dlz_example: transaction not " + "started for zone %s", zone); *versionp = NULL; return; } @@ -419,31 +467,31 @@ dlz_closeversion(const char *zone, isc_boolean_t commit, if (commit) { int i; - state->log(ISC_LOG_INFO, - "dlz_example: committing transaction on zone %s", - zone); + if (state->log != NULL) + state->log(ISC_LOG_INFO, "dlz_example: committing " + "transaction on zone %s", zone); for (i = 0; i < MAX_RECORDS; i++) { - if (strlen(state->adds[i].name) > 0U) { - add_name(state, &state->current[0], - state->adds[i].name, - state->adds[i].type, - state->adds[i].ttl, - state->adds[i].data); + if (strlen(state->deletes[i].name) > 0U) { + (void)del_name(state, &state->current[0], + state->deletes[i].name, + state->deletes[i].type, + state->deletes[i].ttl, + state->deletes[i].data); } } for (i = 0; i < MAX_RECORDS; i++) { - if (strlen(state->deletes[i].name) > 0U) { - del_name(state, &state->current[0], - state->deletes[i].name, - state->deletes[i].type, - state->deletes[i].ttl, - state->deletes[i].data); + if (strlen(state->adds[i].name) > 0U) { + (void)add_name(state, &state->current[0], + state->adds[i].name, + state->adds[i].type, + state->adds[i].ttl, + state->adds[i].data); } } } else { - state->log(ISC_LOG_INFO, - "dlz_example: cancelling transaction on zone %s", - zone); + if (state->log != NULL) + state->log(ISC_LOG_INFO, "dlz_example: cancelling " + "transaction on zone %s", zone); } memset(state->adds, 0, sizeof(state->adds)); memset(state->deletes, 0, sizeof(state->deletes)); 
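Review bot: On commit, dlz_closeversion now applies the deletes first and then casts the `add_name` result to void, so an add that fails (record table full, or a field too long and ISC_R_NOSPACE returned) leaves the zone with the deletions applied and the additions missing, with nothing logged. The function returns void, so the failure should at least be reported: `if (add_name(...) != ISC_R_SUCCESS && state->log != NULL) state->log(ISC_LOG_ERROR, "dlz_example: failed to add %s", state->adds[i].name);`. The start of dlz_closeversion lies outside this hunk.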
@@ -458,25 +506,27 @@ dlz_configure(dns_view_t *view, void *dbdata) { struct dlz_example_data *state = (struct dlz_example_data *)dbdata; isc_result_t result; + if (state->log != NULL) + state->log(ISC_LOG_INFO, "dlz_example: starting configure"); - state->log(ISC_LOG_INFO, "dlz_example: starting configure"); if (state->writeable_zone == NULL) { - state->log(ISC_LOG_INFO, - "dlz_example: no writeable_zone method available"); + if (state->log != NULL) + state->log(ISC_LOG_INFO, "dlz_example: no " + "writeable_zone method available"); return (ISC_R_FAILURE); } result = state->writeable_zone(view, state->zone_name); if (result != ISC_R_SUCCESS) { - state->log(ISC_LOG_ERROR, - "dlz_example: failed to configure zone %s", - state->zone_name); + if (state->log != NULL) + state->log(ISC_LOG_ERROR, "dlz_example: failed to " + "configure zone %s", state->zone_name); return (result); } - state->log(ISC_LOG_INFO, - "dlz_example: configured writeable zone %s", - state->zone_name); + if (state->log != NULL) + state->log(ISC_LOG_INFO, "dlz_example: configured writeable " + "zone %s", state->zone_name); return (ISC_R_SUCCESS); } @@ -497,14 +547,14 @@ dlz_ssumatch(const char *signer, const char *name, const char *tcpaddr, UNUSED(keydata); if (strncmp(name, "deny.", 5) == 0) { - state->log(ISC_LOG_INFO, - "dlz_example: denying update of name=%s by %s", - name, signer); + if (state->log != NULL) + state->log(ISC_LOG_INFO, "dlz_example: denying update " + "of name=%s by %s", name, signer); return (ISC_FALSE); } - state->log(ISC_LOG_INFO, - "dlz_example: allowing update of name=%s by %s", - name, signer); + if (state->log != NULL) + state->log(ISC_LOG_INFO, "dlz_example: allowing update of " + "name=%s by %s", name, signer); return (ISC_TRUE); } 
@@ -513,13 +563,16 @@ static isc_result_t modrdataset(struct dlz_example_data *state, const char *name, const char *rdatastr, struct record *list) { - char *full_name, *dclass, *type, *data, *ttlstr; - char *buf = strdup(rdatastr); + char *full_name, *dclass, *type, *data, *ttlstr, *buf; isc_result_t result; #if defined(WIN32) || defined(_REENTRANT) char *saveptr = NULL; #endif + buf = strdup(rdatastr); + if (buf == NULL) + return (ISC_R_FAILURE); + /* * The format is: * FULLNAME\tTTL\tDCLASS\tTYPE\tDATA @@ -530,28 +583,32 @@ modrdataset(struct dlz_example_data *state, const char *name, full_name = STRTOK_R(buf, "\t", &saveptr); if (full_name == NULL) - return (ISC_R_FAILURE); + goto error; ttlstr = STRTOK_R(NULL, "\t", &saveptr); if (ttlstr == NULL) - return (ISC_R_FAILURE); + goto error; dclass = STRTOK_R(NULL, "\t", &saveptr); if (dclass == NULL) - return (ISC_R_FAILURE); + goto error; type = STRTOK_R(NULL, "\t", &saveptr); if (type == NULL) - return (ISC_R_FAILURE); + goto error; data = STRTOK_R(NULL, "\t", &saveptr); if (data == NULL) - return (ISC_R_FAILURE); + goto error; result = add_name(state, list, name, type, strtoul(ttlstr, NULL, 10), data); free(buf); return (result); + + error: + free(buf); + return (ISC_R_FAILURE); } @@ -564,9 +621,9 @@ dlz_addrdataset(const char *name, const char *rdatastr, if (version != (void *) &state->transaction_started) return (ISC_R_FAILURE); - state->log(ISC_LOG_INFO, - "dlz_example: adding rdataset %s '%s'", - name, rdatastr); + if (state->log != NULL) + state->log(ISC_LOG_INFO, "dlz_example: adding rdataset %s '%s'", + name, rdatastr); return (modrdataset(state, name, rdatastr, &state->adds[0])); } 
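Review bot: The new `strdup` failure branch in modrdataset returns ISC_R_FAILURE, while the same condition in dlz_create in this commit returns ISC_R_NOMEMORY; callers then cannot tell an allocation failure from a malformed rdataset string. Make it `return (ISC_R_NOMEMORY);`, a code dlz_minimal.h already defines. In the following hunk the TTL is still taken from `strtoul(ttlstr, NULL, 10)` with no end-pointer or range check, so a non-numeric field is stored as 0 without complaint; passing an `endptr` and jumping to `error` when nothing was consumed would fit the new cleanup label.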
@@ -580,9 +637,9 @@ dlz_subrdataset(const char *name, const char *rdatastr, if (version != (void *) &state->transaction_started) return (ISC_R_FAILURE); - state->log(ISC_LOG_INFO, - "dlz_example: subtracting rdataset %s '%s'", - name, rdatastr); + if (state->log != NULL) + state->log(ISC_LOG_INFO, "dlz_example: subtracting rdataset " + "%s '%s'", name, rdatastr); return (modrdataset(state, name, rdatastr, &state->deletes[0])); } @@ -597,9 +654,9 @@ dlz_delrdataset(const char *name, const char *type, if (version != (void *) &state->transaction_started) return (ISC_R_FAILURE); - state->log(ISC_LOG_INFO, - "dlz_example: deleting rdataset %s of type %s", - name, type); + if (state->log != NULL) + state->log(ISC_LOG_INFO, "dlz_example: deleting rdataset %s " + "of type %s", name, type); return (ISC_R_SUCCESS); } diff --git a/contrib/dlz/example/dlz_minimal.h b/contrib/dlz/example/dlz_minimal.h index c72c1d4c75..b0f41e77f2 100644 --- a/contrib/dlz/example/dlz_minimal.h +++ b/contrib/dlz/example/dlz_minimal.h @@ -45,8 +45,10 @@ typedef uint32_t dns_ttl_t; #define ISC_R_SUCCESS 0 #define ISC_R_NOMEMORY 1 #define ISC_R_NOPERM 6 +#define ISC_R_NOSPACE 19 #define ISC_R_NOTFOUND 23 #define ISC_R_FAILURE 25 +#define ISC_R_NOTIMPLEMENTED 27 #define ISC_R_NOMORE 29 /* boolean values */ diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index fedb397fce..1631c0b7bc 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -7291,6 +7291,12 @@ options { disallow them on external-facing ones, without necessarily knowing the internal network's addresses. + + Note that allow-query-on is only + checked for queries that are permitted by + allow-query. A query must be + allowed by both ACLs, or it will be refused. + allow-query-on may also be specified in the zone diff --git a/lib/bind9/check.c b/lib/bind9/check.c index 1bdda37cbb..3186a90a82 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c 
@@ -100,7 +100,7 @@ check_orderent(const cfg_obj_t *ent, isc_log_t *logctx) { obj = cfg_tuple_get(ent, "name"); if (cfg_obj_isstring(obj)) { str = cfg_obj_asstring(obj); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); tresult = dns_name_fromtext(dns_fixedname_name(&fixed), &b, dns_rootname, 0, NULL); @@ -197,7 +197,7 @@ check_dual_stack(const cfg_obj_t *options, isc_log_t *logctx) { continue; obj = cfg_tuple_get(value, "name"); str = cfg_obj_asstring(obj); - isc_buffer_init(&buffer, str, strlen(str)); + isc_buffer_constinit(&buffer, str, strlen(str)); isc_buffer_add(&buffer, strlen(str)); dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); @@ -263,7 +263,7 @@ disabled_algorithms(const cfg_obj_t *disabled, isc_log_t *logctx) { name = dns_fixedname_name(&fixed); obj = cfg_tuple_get(disabled, "name"); str = cfg_obj_asstring(obj); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); tresult = dns_name_fromtext(name, &b, dns_rootname, 0, NULL); if (tresult != ISC_R_SUCCESS) { @@ -346,7 +346,7 @@ mustbesecure(const cfg_obj_t *secure, isc_symtab_t *symtab, isc_log_t *logctx, name = dns_fixedname_name(&fixed); obj = cfg_tuple_get(secure, "name"); str = cfg_obj_asstring(obj); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL); if (result != ISC_R_SUCCESS) { @@ -813,7 +813,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, element = cfg_list_next(element)) { exclude = cfg_listelt_value(element); str = cfg_obj_asstring(exclude); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); tresult = dns_name_fromtext(name, &b, dns_rootname, 
@@ -881,7 +881,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, continue; } - isc_buffer_init(&b, dlv, strlen(dlv)); + isc_buffer_constinit(&b, dlv, strlen(dlv)); isc_buffer_add(&b, strlen(dlv)); tresult = dns_name_fromtext(name, &b, dns_rootname, 0, NULL); @@ -915,7 +915,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, if (!cfg_obj_isvoid(anchor)) { dlv = cfg_obj_asstring(anchor); - isc_buffer_init(&b, dlv, strlen(dlv)); + isc_buffer_constinit(&b, dlv, strlen(dlv)); isc_buffer_add(&b, strlen(dlv)); tresult = dns_name_fromtext(name, &b, dns_rootname, @@ -989,7 +989,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, (void)cfg_map_get(options, server_contact[i], &obj); if (obj != NULL) { str = cfg_obj_asstring(obj); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); tresult = dns_name_fromtext(dns_fixedname_name(&fixed), &b, dns_rootname, 0, NULL); @@ -1013,7 +1013,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, { obj = cfg_listelt_value(element); str = cfg_obj_asstring(obj); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); tresult = dns_name_fromtext(dns_fixedname_name(&fixed), &b, dns_rootname, 0, NULL); @@ -1198,7 +1198,7 @@ check_update_policy(const cfg_obj_t *policy, isc_log_t *logctx) { dns_fixedname_init(&fixed); str = cfg_obj_asstring(identity); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); tresult = dns_name_fromtext(dns_fixedname_name(&fixed), &b, dns_rootname, 0, NULL); 
@@ -1212,7 +1212,7 @@ check_update_policy(const cfg_obj_t *policy, isc_log_t *logctx) { strcasecmp(cfg_obj_asstring(matchtype), "zonesub") != 0) { dns_fixedname_init(&fixed); str = cfg_obj_asstring(dname); - isc_buffer_init(&b, str, strlen(str)); + isc_buffer_constinit(&b, str, strlen(str)); isc_buffer_add(&b, strlen(str)); tresult = dns_name_fromtext(dns_fixedname_name(&fixed), &b, dns_rootname, 0, NULL); @@ -1457,7 +1457,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, * deals with strings. */ dns_fixedname_init(&fixedname); - isc_buffer_init(&b, znamestr, strlen(znamestr)); + isc_buffer_constinit(&b, znamestr, strlen(znamestr)); isc_buffer_add(&b, strlen(znamestr)); tresult = dns_name_fromtext(dns_fixedname_name(&fixedname), &b, dns_rootname, DNS_NAME_DOWNCASE, NULL); @@ -1755,7 +1755,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, snamestr = cfg_obj_asstring(obj); dns_fixedname_init(&fixed_sname); - isc_buffer_init(&b2, snamestr, strlen(snamestr)); + isc_buffer_constinit(&b2, snamestr, strlen(snamestr)); isc_buffer_add(&b2, strlen(snamestr)); sname = dns_fixedname_name(&fixed_sname); tresult = dns_name_fromtext(sname, &b2, dns_rootname, @@ -1934,7 +1934,7 @@ check_keylist(const cfg_obj_t *keys, isc_symtab_t *symtab, isc_buffer_t b; char *keyname; - isc_buffer_init(&b, keyid, strlen(keyid)); + isc_buffer_constinit(&b, keyid, strlen(keyid)); isc_buffer_add(&b, strlen(keyid)); tresult = dns_name_fromtext(name, &b, dns_rootname, 0, NULL); @@ -2103,7 +2103,7 @@ check_servers(const cfg_obj_t *config, const cfg_obj_t *voptions, */ keyval = cfg_obj_asstring(keys); dns_fixedname_init(&fname); - isc_buffer_init(&b, keyval, strlen(keyval)); + isc_buffer_constinit(&b, keyval, strlen(keyval)); isc_buffer_add(&b, strlen(keyval)); keyname = dns_fixedname_name(&fname); tresult = dns_name_fromtext(keyname, &b, dns_rootname, 
@@ -2148,7 +2148,7 @@ check_trusted_key(const cfg_obj_t *key, isc_boolean_t managed, keyname = dns_fixedname_name(&fkeyname); keynamestr = cfg_obj_asstring(cfg_tuple_get(key, "name")); - isc_buffer_init(&b, keynamestr, strlen(keynamestr)); + isc_buffer_constinit(&b, keynamestr, strlen(keynamestr)); isc_buffer_add(&b, strlen(keynamestr)); result = dns_name_fromtext(keyname, &b, dns_rootname, 0, NULL); if (result != ISC_R_SUCCESS) { diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index c460302497..980b640d68 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -733,7 +733,7 @@ destroy_disp(isc_task_t *task, isc_event_t *event) { if (disp->sepool != NULL) { isc_mempool_destroy(&disp->sepool); - isc_mutex_destroy(&disp->sepool_lock); + (void)isc_mutex_destroy(&disp->sepool_lock); } if (disp->socket != NULL) diff --git a/lib/dns/dlz.c b/lib/dns/dlz.c index 8d1625a46b..c039dd5a66 100644 --- a/lib/dns/dlz.c +++ b/lib/dns/dlz.c @@ -543,7 +543,7 @@ dns_dlz_writeablezone(dns_view_t *view, const char *zone_name) { REQUIRE(dlzdatabase->configure_callback != NULL); - isc_buffer_init(&buffer, zone_name, strlen(zone_name)); + isc_buffer_constinit(&buffer, zone_name, strlen(zone_name)); isc_buffer_add(&buffer, strlen(zone_name)); dns_fixedname_init(&fixorigin); result = dns_name_fromtext(dns_fixedname_name(&fixorigin), diff --git a/lib/dns/dnssec.c b/lib/dns/dnssec.c index 29077163d0..d00c99b412 100644 --- a/lib/dns/dnssec.c +++ b/lib/dns/dnssec.c @@ -352,7 +352,6 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key, ret = ISC_R_NOSPACE; goto cleanup_array; } - memcpy(sig.signature, r.base, sig.siglen); ret = dns_rdata_fromstruct(sigrdata, sig.common.rdclass, sig.common.rdtype, &sig, buffer); diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c index e6a55ef3bb..9ad58dc0a2 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c 
@@ -1312,24 +1312,24 @@ get_key_struct(dns_name_t *name, unsigned int alg, return (NULL); memset(key, 0, sizeof(dst_key_t)); - key->magic = KEY_MAGIC; - - result = isc_refcount_init(&key->refs, 1); - if (result != ISC_R_SUCCESS) { - isc_mem_put(mctx, key, sizeof(dst_key_t)); - return (NULL); - } key->key_name = isc_mem_get(mctx, sizeof(dns_name_t)); if (key->key_name == NULL) { - isc_refcount_destroy(&key->refs); isc_mem_put(mctx, key, sizeof(dst_key_t)); return (NULL); } + dns_name_init(key->key_name, NULL); result = dns_name_dup(name, mctx, key->key_name); if (result != ISC_R_SUCCESS) { - isc_refcount_destroy(&key->refs); + isc_mem_put(mctx, key->key_name, sizeof(dns_name_t)); + isc_mem_put(mctx, key, sizeof(dst_key_t)); + return (NULL); + } + + result = isc_refcount_init(&key->refs, 1); + if (result != ISC_R_SUCCESS) { + dns_name_free(key->key_name, mctx); isc_mem_put(mctx, key->key_name, sizeof(dns_name_t)); isc_mem_put(mctx, key, sizeof(dst_key_t)); return (NULL); @@ -1349,6 +1349,7 @@ get_key_struct(dns_name_t *name, unsigned int alg, key->times[i] = 0; key->timeset[i] = ISC_FALSE; } + key->magic = KEY_MAGIC; return (key); } diff --git a/lib/dns/gen.c b/lib/dns/gen.c index 6eb325ed66..9e4012c278 100644 --- a/lib/dns/gen.c +++ b/lib/dns/gen.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2012-2013 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: gen.c,v 1.85 2009/12/04 22:06:37 tbox Exp $ */ - /*! \file */ #ifdef WIN32 
@@ -41,7 +39,12 @@ #include "gen-unix.h" #endif -#define TYPECLASSLEN 21 +#define INSIST(cond) \ + if (!(cond)) { \ + fprintf(stderr, "%s:%d: INSIST(%s)\n", \ + __FILE__, __LINE__, #cond); \ + abort(); \ + } #define FROMTEXTARGS "rdclass, type, lexer, origin, options, target, callbacks" #define FROMTEXTCLASS "rdclass" @@ -131,27 +134,35 @@ const char copyright[] = "/*! \\file */\n" "\n"; +#define STR_EXPAND(tok) #tok +#define STR(tok) STR_EXPAND(tok) + #define TYPENAMES 256 +#define TYPECLASSLEN 20 /* DNS mnemonic size. Must be less than 100. */ +#define TYPECLASSBUF (TYPECLASSLEN + 1) +#define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d" +#define ATTRIBUTESIZE 256 +#define DIRNAMESIZE 256 struct cc { struct cc *next; int rdclass; - char classname[TYPECLASSLEN]; + char classname[TYPECLASSBUF]; } *classes; struct tt { struct tt *next; int rdclass; int type; - char classname[TYPECLASSLEN]; - char typename[TYPECLASSLEN]; - char dirname[256]; /* XXX Should be max path length */ + char classname[TYPECLASSBUF]; + char typename[TYPECLASSBUF]; + char dirname[DIRNAMESIZE]; /* XXX Should be max path length */ } *types; struct ttnam { - char typename[TYPECLASSLEN]; - char macroname[TYPECLASSLEN]; - char attr[256]; + char typename[TYPECLASSBUF]; + char macroname[TYPECLASSBUF]; + char attr[ATTRIBUTESIZE]; unsigned int sorted; int type; } typenames[TYPENAMES]; @@ -202,6 +213,7 @@ funname(const char *s, char *buf) { char *b = buf; char c; + INSIST(strlen(s) < TYPECLASSBUF); while ((c = *s++)) { *b++ = (c == '-') ? '_' : c; } @@ -217,7 +229,7 @@ doswitch(const char *name, const char *function, const char *args, int first = 1; int lasttype = 0; int subswitch = 0; - char buf1[TYPECLASSLEN], buf2[TYPECLASSLEN]; + char buf1[TYPECLASSBUF], buf2[TYPECLASSBUF]; const char *result = " result ="; if (res == NULL) 
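Review bot: The new `INSIST` macro in gen.c expands to a bare `if (...) { ... }`, so `INSIST(x);` used as the body of an unbraced `if` that has an `else` either fails to compile or binds the `else` to the wrong test. Wrap the expansion in `do { ... } while (0)` so that it behaves as a single statement. Every use in this commit also compares the `int` result of `snprintf` with a `sizeof` value; the `n > 0` guard makes that safe, but writing `(size_t)n < sizeof(buf)` avoids the sign-compare warning.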
@@ -283,7 +295,7 @@ doswitch(const char *name, const char *function, const char *args, void dodecl(char *type, char *function, char *args) { struct tt *tt; - char buf1[TYPECLASSLEN], buf2[TYPECLASSLEN]; + char buf1[TYPECLASSBUF], buf2[TYPECLASSBUF]; fputs("\n", stdout); for (tt = types; tt; tt = tt->next) @@ -315,9 +327,10 @@ find_typename(int type) { void insert_into_typenames(int type, const char *typename, const char *attr) { struct ttnam *ttn = NULL; - int c, i; + int c, i, n; char tmp[256]; + INSIST(strlen(typename) < TYPECLASSBUF); for (i = 0; i < TYPENAMES; i++) { if (typenames[i].typename[0] != 0 && typenames[i].type == type && @@ -340,10 +353,10 @@ insert_into_typenames(int type, const char *typename, const char *attr) { typename); exit(1); } - strncpy(ttn->typename, typename, TYPECLASSLEN); + strncpy(ttn->typename, typename, sizeof(ttn->typename)); ttn->type = type; - strncpy(ttn->macroname, ttn->typename, TYPECLASSLEN); + strncpy(ttn->macroname, ttn->typename, sizeof(ttn->macroname)); c = strlen(ttn->macroname); while (c > 0) { if (ttn->macroname[c - 1] == '-') @@ -352,8 +365,9 @@ insert_into_typenames(int type, const char *typename, const char *attr) { } if (attr == NULL) { - snprintf(tmp, sizeof(tmp), - "RRTYPE_%s_ATTRIBUTES", upper(ttn->macroname)); + n = snprintf(tmp, sizeof(tmp), + "RRTYPE_%s_ATTRIBUTES", upper(ttn->macroname)); + INSIST(n > 0 && n < sizeof(tmp)); attr = tmp; } @@ -383,6 +397,10 @@ add(int rdclass, const char *classname, int type, const char *typename, struct cc *newcc; struct cc *cc, *oldcc; + INSIST(strlen(typename) < TYPECLASSBUF); + INSIST(strlen(classname) < TYPECLASSBUF); + INSIST(strlen(dirname) < DIRNAMESIZE); + insert_into_typenames(type, typename, NULL); if (newtt == NULL) { 
@@ -393,11 +411,11 @@ add(int rdclass, const char *classname, int type, const char *typename, newtt->next = NULL; newtt->rdclass = rdclass; newtt->type = type; - strncpy(newtt->classname, classname, TYPECLASSLEN); - strncpy(newtt->typename, typename, TYPECLASSLEN); + strncpy(newtt->classname, classname, sizeof(newtt->classname)); + strncpy(newtt->typename, typename, sizeof(newtt->typename)); if (strncmp(dirname, "./", 2) == 0) dirname += 2; - strncpy(newtt->dirname, dirname, 256); + strncpy(newtt->dirname, dirname, sizeof(newtt->dirname)); tt = types; oldtt = NULL; @@ -430,8 +448,12 @@ add(int rdclass, const char *classname, int type, const char *typename, return; newcc = (struct cc *)malloc(sizeof(*newcc)); + if (newcc == NULL) { + fprintf(stderr, "malloc() failed\n"); + exit(1); + } newcc->rdclass = rdclass; - strncpy(newcc->classname, classname, TYPECLASSLEN); + strncpy(newcc->classname, classname, sizeof(newcc->classname)); cc = classes; oldcc = NULL; @@ -454,24 +476,23 @@ add(int rdclass, const char *classname, int type, const char *typename, void sd(int rdclass, const char *classname, const char *dirname, char filetype) { - char buf[sizeof("01234567890123456789_65535.h")]; - char fmt[sizeof("%20[-0-9a-z]_%d.h")]; - int type; - char typename[TYPECLASSLEN]; + char buf[TYPECLASSLEN + sizeof("_65535.h")]; + char typename[TYPECLASSBUF]; + int type, n; isc_dir_t dir; if (!start_directory(dirname, &dir)) return; - snprintf(fmt, sizeof(fmt), "%s%c", "%20[-0-9a-z]_%d.", filetype); while (next_file(&dir)) { - if (sscanf(dir.filename, fmt, typename, &type) != 2) + if (sscanf(dir.filename, TYPECLASSFMT, typename, &type) != 2) continue; if ((type > 65535) || (type < 0)) continue; - snprintf(buf, sizeof(buf), - "%s_%d.%c", typename, type, filetype); + n = snprintf(buf, sizeof(buf), "%s_%d.%c", typename, + type, filetype); + INSIST(n > 0 && n < sizeof(buf)); if (strcmp(buf, dir.filename) != 0) continue; add(rdclass, classname, type, typename, dirname); 
@@ -498,10 +519,10 @@ HASH(char *string) { int main(int argc, char **argv) { - char buf[256]; /* XXX Should be max path length */ - char srcdir[256]; /* XXX Should be max path length */ + char buf[DIRNAMESIZE]; /* XXX Should be max path length */ + char srcdir[DIRNAMESIZE]; /* XXX Should be max path length */ int rdclass; - char classname[TYPECLASSLEN]; + char classname[TYPECLASSBUF]; struct tt *tt; struct cc *cc; struct ttnam *ttn, *ttn2; @@ -515,8 +536,8 @@ main(int argc, char **argv) { int type_enum = 0; int structs = 0; int depend = 0; - int c, i, j; - char buf1[TYPECLASSLEN]; + int c, i, j, n; + char buf1[TYPECLASSBUF]; char filetype = 'c'; FILE *fd; char *prefix = NULL; @@ -563,8 +584,16 @@ main(int argc, char **argv) { filetype = 'h'; break; case 's': - snprintf(srcdir, sizeof(srcdir), - "%s/", isc_commandline_argument); + if (strlen(isc_commandline_argument) > + DIRNAMESIZE - 2 * TYPECLASSLEN - + sizeof("/rdata/_65535_65535")) { + fprintf(stderr, "\"%s\" too long\n", + isc_commandline_argument); + exit(1); + } + n = snprintf(srcdir, sizeof(srcdir), "%s/", + isc_commandline_argument); + INSIST(n > 0 && n < sizeof(srcdir)); break; case 'F': file = isc_commandline_argument; 
@@ -579,32 +608,37 @@ main(int argc, char **argv) { exit(1); } - snprintf(buf, sizeof(buf), "%srdata", srcdir); + n = snprintf(buf, sizeof(buf), "%srdata", srcdir); + INSIST(n > 0 && n < sizeof(srcdir)); if (!start_directory(buf, &dir)) exit(1); while (next_file(&dir)) { - if (sscanf(dir.filename, "%10[0-9a-z]_%d", - classname, &rdclass) != 2) + if (sscanf(dir.filename, TYPECLASSFMT, classname, + &rdclass) != 2) continue; if ((rdclass > 65535) || (rdclass < 0)) continue; - snprintf(buf, sizeof(buf), - "%srdata/%s_%d", srcdir, classname, rdclass); + n = snprintf(buf, sizeof(buf), "%srdata/%s_%d", + srcdir, classname, rdclass); + INSIST(n > 0 && n < sizeof(buf)); if (strcmp(buf + 6 + strlen(srcdir), dir.filename) != 0) continue; sd(rdclass, classname, buf, filetype); } end_directory(&dir); - snprintf(buf, sizeof(buf), "%srdata/generic", srcdir); + n = snprintf(buf, sizeof(buf), "%srdata/generic", srcdir); + INSIST(n > 0 && n < sizeof(srcdir)); sd(0, "", buf, filetype); if (time(&now) != -1) { - if ((tm = localtime(&now)) != NULL && tm->tm_year > 104) - snprintf(year, sizeof(year), "-%d", tm->tm_year + 1900); - else + if ((tm = localtime(&now)) != NULL && tm->tm_year > 104) { + n = snprintf(year, sizeof(year), "-%d", + tm->tm_year + 1900); + INSIST(n > 0 && n < sizeof(year)); + } else year[0] = 0; } else year[0] = 0; diff --git a/lib/dns/include/dns/nsec.h b/lib/dns/include/dns/nsec.h index bdcd2eeccf..440ee4e015 100644 --- a/lib/dns/include/dns/nsec.h +++ b/lib/dns/include/dns/nsec.h 
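Review bot: Two of the added assertions in main() check the wrong buffer: after `snprintf(buf, sizeof(buf), "%srdata", srcdir)` and again after the `"%srdata/generic"` call, the test is `n < sizeof(srcdir)` although the write went into `buf`. Both arrays are DIRNAMESIZE today, so nothing breaks, but the check stops protecting `buf` as soon as the two sizes diverge. Use `INSIST(n > 0 && (size_t)n < sizeof(buf));` in both places. main() extends beyond this hunk on both sides.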
@@ -98,6 +98,19 @@ dns_nsec_isset(const unsigned char *array, unsigned int type); * Test if the corresponding 'type' bit is set in 'array'. */ +isc_result_t +dns_nsec_noexistnodata(dns_rdatatype_t type, dns_name_t *name, + dns_name_t *nsecname, dns_rdataset_t *nsecset, + isc_boolean_t *exists, isc_boolean_t *data, + dns_name_t *wild, dns_nseclog_t log, void *arg); +/*% + * Return ISC_R_SUCCESS if we can determine that the name doesn't exist + * or we can determine whether there is data or not at the name. + * If the name does not exist return the wildcard name. + * + * Return ISC_R_IGNORE when the NSEC is not the appropriate one. + */ + ISC_LANG_ENDDECLS #endif /* DNS_NSEC_H */ diff --git a/lib/dns/include/dns/nsec3.h b/lib/dns/include/dns/nsec3.h index 1b89cceb53..e4a22868a2 100644 --- a/lib/dns/include/dns/nsec3.h +++ b/lib/dns/include/dns/nsec3.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -248,6 +248,14 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver, * Mark NSEC3PARAM for deletion. */ +isc_result_t +dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name, + dns_name_t *nsec3name, dns_rdataset_t *nsec3set, + dns_name_t *zonename, isc_boolean_t *exists, + isc_boolean_t *data, isc_boolean_t *optout, + isc_boolean_t *unknown, isc_boolean_t *setclosest, + isc_boolean_t *setnearest, dns_name_t *closest, + dns_name_t *nearest, dns_nseclog_t logit, void *arg); ISC_LANG_ENDDECLS diff --git a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h index 2c7b2730fb..89ecaf8006 100644 --- a/lib/dns/include/dns/rdata.h +++ b/lib/dns/include/dns/rdata.h 
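Review bot: The new `dns_nsec3_noexistnodata` prototype in nsec3.h has no contract comment, unlike `dns_nsec_noexistnodata`, which this commit adds to nsec.h with one. With eight output parameters (`exists`, `data`, `optout`, `unknown`, `setclosest`, `setnearest`, `closest`, `nearest`), a caller cannot tell from the header which of them are written for which return value. A `/*% ... */` block after the declaration should state the success and ignore results and which outputs are valid in each case. The first parameter is also spelled `dns_name_t* name`, where the rest of the header uses `dns_name_t *name`.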
@@ -177,6 +177,7 @@ struct dns_rdata { #define DNS_RDATA_CHECKREVERSE DNS_NAME_CHECKREVERSE #define DNS_RDATA_CHECKMX DNS_NAME_CHECKMX #define DNS_RDATA_CHECKMXFAIL DNS_NAME_CHECKMXFAIL +#define DNS_RDATA_UNKNOWNESCAPE 0x80000000 /*** *** Initialization diff --git a/lib/dns/include/dns/result.h b/lib/dns/include/dns/result.h index 18c49ba8a0..3a94b91433 100644 --- a/lib/dns/include/dns/result.h +++ b/lib/dns/include/dns/result.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -152,8 +152,9 @@ #define DNS_R_BROKENCHAIN (ISC_RESULTCLASS_DNS + 106) #define DNS_R_EXPIRED (ISC_RESULTCLASS_DNS + 107) #define DNS_R_NOTDYNAMIC (ISC_RESULTCLASS_DNS + 108) +#define DNS_R_UNSAFENAME (ISC_RESULTCLASS_DNS + 109) -#define DNS_R_NRESULTS 109 /*%< Number of results */ +#define DNS_R_NRESULTS 110 /*%< Number of results */ /* * DNS wire format rcodes. diff --git a/lib/dns/include/dns/types.h b/lib/dns/include/dns/types.h index 4f78a31ec5..a885230ccf 100644 --- a/lib/dns/include/dns/types.h +++ b/lib/dns/include/dns/types.h @@ -392,4 +392,7 @@ typedef isc_boolean_t (*dns_isselffunc_t)(dns_view_t *, dns_tsigkey_t *, isc_sockaddr_t *, isc_sockaddr_t *, dns_rdataclass_t, void *); +typedef void +(*dns_nseclog_t)(void *val, int , const char *, ...); + #endif /* DNS_TYPES_H */ diff --git a/lib/dns/master.c b/lib/dns/master.c index a8a456d7a3..69956580e3 100644 --- a/lib/dns/master.c +++ b/lib/dns/master.c @@ -157,6 +157,7 @@ struct dns_incctx { int glue_in_use; int current_in_use; int origin_in_use; + isc_boolean_t origin_changed; isc_boolean_t drop; unsigned int glue_line; unsigned int current_line; 
@@ -1404,6 +1405,7 @@ load_text(dns_loadctx_t *lctx) { ictx->origin_in_use = new_in_use; ictx->in_use[ictx->origin_in_use] = ISC_TRUE; ictx->origin = new_name; + ictx->origin_changed = ISC_TRUE; finish_origin = ISC_FALSE; EXPECTEOL; continue; @@ -1576,8 +1578,31 @@ load_text(dns_loadctx_t *lctx) { } else if (result != ISC_R_SUCCESS) goto insist_and_cleanup; } + + if (ictx->origin_changed) { + char cbuf[DNS_NAME_FORMATSIZE]; + char obuf[DNS_NAME_FORMATSIZE]; + dns_name_format(ictx->current, cbuf, + sizeof(cbuf)); + dns_name_format(ictx->origin, obuf, + sizeof(obuf)); + (*callbacks->error)(callbacks, + "%s:%lu: record with inherited " + "owner (%s) immediately after " + "$ORIGIN (%s)", source, line, + cbuf, obuf); + result = DNS_R_UNSAFENAME; + if (MANYERRS(lctx, result)) { + SETRESULT(lctx, result); + read_till_eol = ISC_TRUE; + continue; + } else if (result != ISC_R_SUCCESS) + goto insist_and_cleanup; + } } + ictx->origin_changed = ISC_FALSE; + if (dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion) == ISC_R_SUCCESS) diff --git a/lib/dns/name.c b/lib/dns/name.c index 0d9387f0bd..7fb21e138c 100644 --- a/lib/dns/name.c +++ b/lib/dns/name.c @@ -843,6 +843,10 @@ dns_name_matcheswildcard(const dns_name_t *name, const dns_name_t *wname) { REQUIRE(labels > 0); REQUIRE(dns_name_iswildcard(wname)); +#if defined(__clang__) && \ + ( __clang_major__ < 3 || (__clang_major__ == 3 && __clang_minor__ < 2)) + memset(&tname, 0, sizeof(tname)); +#endif DNS_NAME_INIT(&tname, NULL); dns_name_getlabelsequence(wname, 1, labels - 1, &tname); if (dns_name_fullcompare(name, &tname, &order, &nlabels) == @@ -1937,6 +1941,10 @@ dns_name_towire(const dns_name_t *name, dns_compress_t *cctx, * has one. */ if (name->offsets == NULL) { +#if defined(__clang__) && \ + ( __clang_major__ < 3 || (__clang_major__ == 3 && __clang_minor__ < 2)) + memset(&clname, 0, sizeof(clname)); +#endif DNS_NAME_INIT(&clname, clo); dns_name_clone(name, &clname); name = &clname; 
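Review bot: The `#if defined(__clang__) ...` block that adds `memset(&tname, 0, sizeof(tname));` in `dns_name_matcheswildcard()` has no comment explaining why the structure is zeroed immediately before `DNS_NAME_INIT`. The same applies to the `clname` block in `dns_name_towire()` and the `downname` block in `dns_name_digest()`. The tsig.c hunks of this commit mark their equivalent block with `/* false positive: http://llvm.org/bugs/show_bug.cgi?id=14461 */`; if these three exist for the same reason, add that comment, otherwise name the warning they silence. The version test is also repeated by hand in each place and tsig.c already carries an extra `__clang_major__ == 4` clause, so a single named macro would prevent further drift. All three functions extend beyond their hunks.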
@@ -2242,6 +2250,10 @@ dns_name_digest(dns_name_t *name, dns_digestfunc_t digest, void *arg) { REQUIRE(VALID_NAME(name)); REQUIRE(digest != NULL); +#if defined(__clang__) && \ + ( __clang_major__ < 3 || (__clang_major__ == 3 && __clang_minor__ < 2)) + memset(&downname, 0, sizeof(downname)); +#endif DNS_NAME_INIT(&downname, NULL); isc_buffer_init(&buffer, data, sizeof(data)); @@ -2408,7 +2420,7 @@ dns_name_fromstring2(dns_name_t *target, const char *src, REQUIRE(src != NULL); - isc_buffer_init(&buf, src, strlen(src)); + isc_buffer_constinit(&buf, src, strlen(src)); isc_buffer_add(&buf, strlen(src)); if (BINDABLE(target) && target->buffer != NULL) name = target; diff --git a/lib/dns/nsec.c b/lib/dns/nsec.c index 69207d09de..5ae1cf8739 100644 --- a/lib/dns/nsec.c +++ b/lib/dns/nsec.c @@ -21,6 +21,7 @@ #include +#include #include #include 
@@ -290,3 +291,161 @@ dns_nsec_nseconly(dns_db_t *db, dns_dbversion_t *version, } return (result); } + +/*% + * Return ISC_R_SUCCESS if we can determine that the name doesn't exist + * or we can determine whether there is data or not at the name. + * If the name does not exist return the wildcard name. + * + * Return ISC_R_IGNORE when the NSEC is not the appropriate one. + */ +isc_result_t +dns_nsec_noexistnodata(dns_rdatatype_t type, dns_name_t *name, + dns_name_t *nsecname, dns_rdataset_t *nsecset, + isc_boolean_t *exists, isc_boolean_t *data, + dns_name_t *wild, dns_nseclog_t logit, void *arg) +{ + int order; + dns_rdata_t rdata = DNS_RDATA_INIT; + isc_result_t result; + dns_namereln_t relation; + unsigned int olabels, nlabels, labels; + dns_rdata_nsec_t nsec; + isc_boolean_t atparent; + isc_boolean_t ns; + isc_boolean_t soa; + + REQUIRE(exists != NULL); + REQUIRE(data != NULL); + REQUIRE(nsecset != NULL && + nsecset->type == dns_rdatatype_nsec); + + result = dns_rdataset_first(nsecset); + if (result != ISC_R_SUCCESS) { + (*logit)(arg, ISC_LOG_DEBUG(3), "failure processing NSEC set"); + return (result); + } + dns_rdataset_current(nsecset, &rdata); + + (*logit)(arg, ISC_LOG_DEBUG(3), "looking for relevant nsec"); + relation = dns_name_fullcompare(name, nsecname, &order, &olabels); + + if (order < 0) { + /* + * The name is not within the NSEC range. + */ + (*logit)(arg, ISC_LOG_DEBUG(3), + "NSEC does not cover name, before NSEC"); + return (ISC_R_IGNORE); + } + + if (order == 0) { + /* + * The names are the same. If we are validating "." + * then atparent should not be set as there is no parent. + */ + atparent = (olabels != 1) && dns_rdatatype_atparent(type); + ns = dns_nsec_typepresent(&rdata, dns_rdatatype_ns); + soa = dns_nsec_typepresent(&rdata, dns_rdatatype_soa); + if (ns && !soa) { + if (!atparent) { + /* + * This NSEC record is from somewhere higher in + * the DNS, and at the parent of a delegation. + * It can not be legitimately used here. 
+ */ + (*logit)(arg, ISC_LOG_DEBUG(3), + "ignoring parent nsec"); + return (ISC_R_IGNORE); + } + } else if (atparent && ns && soa) { + /* + * This NSEC record is from the child. + * It can not be legitimately used here. + */ + (*logit)(arg, ISC_LOG_DEBUG(3), + "ignoring child nsec"); + return (ISC_R_IGNORE); + } + if (type == dns_rdatatype_cname || type == dns_rdatatype_nxt || + type == dns_rdatatype_nsec || type == dns_rdatatype_key || + !dns_nsec_typepresent(&rdata, dns_rdatatype_cname)) { + *exists = ISC_TRUE; + *data = dns_nsec_typepresent(&rdata, type); + (*logit)(arg, ISC_LOG_DEBUG(3), + "nsec proves name exists (owner) data=%d", + *data); + return (ISC_R_SUCCESS); + } + (*logit)(arg, ISC_LOG_DEBUG(3), "NSEC proves CNAME exists"); + return (ISC_R_IGNORE); + } + + if (relation == dns_namereln_subdomain && + dns_nsec_typepresent(&rdata, dns_rdatatype_ns) && + !dns_nsec_typepresent(&rdata, dns_rdatatype_soa)) + { + /* + * This NSEC record is from somewhere higher in + * the DNS, and at the parent of a delegation. + * It can not be legitimately used here. + */ + (*logit)(arg, ISC_LOG_DEBUG(3), "ignoring parent nsec"); + return (ISC_R_IGNORE); + } + + result = dns_rdata_tostruct(&rdata, &nsec, NULL); + if (result != ISC_R_SUCCESS) + return (result); + relation = dns_name_fullcompare(&nsec.next, name, &order, &nlabels); + if (order == 0) { + dns_rdata_freestruct(&nsec); + (*logit)(arg, ISC_LOG_DEBUG(3), + "ignoring nsec matches next name"); + return (ISC_R_IGNORE); + } + + if (order < 0 && !dns_name_issubdomain(nsecname, &nsec.next)) { + /* + * The name is not within the NSEC range. 
+ */ + dns_rdata_freestruct(&nsec); + (*logit)(arg, ISC_LOG_DEBUG(3), + "ignoring nsec because name is past end of range"); + return (ISC_R_IGNORE); + } + + if (order > 0 && relation == dns_namereln_subdomain) { + (*logit)(arg, ISC_LOG_DEBUG(3), + "nsec proves name exist (empty)"); + dns_rdata_freestruct(&nsec); + *exists = ISC_TRUE; + *data = ISC_FALSE; + return (ISC_R_SUCCESS); + } + if (wild != NULL) { + dns_name_t common; + dns_name_init(&common, NULL); + if (olabels > nlabels) { + labels = dns_name_countlabels(nsecname); + dns_name_getlabelsequence(nsecname, labels - olabels, + olabels, &common); + } else { + labels = dns_name_countlabels(&nsec.next); + dns_name_getlabelsequence(&nsec.next, labels - nlabels, + nlabels, &common); + } + result = dns_name_concatenate(dns_wildcardname, &common, + wild, NULL); + if (result != ISC_R_SUCCESS) { + dns_rdata_freestruct(&nsec); + (*logit)(arg, ISC_LOG_DEBUG(3), + "failure generating wildcard name"); + return (result); + } + } + dns_rdata_freestruct(&nsec); + (*logit)(arg, ISC_LOG_DEBUG(3), "nsec range ok"); + *exists = ISC_FALSE; + return (ISC_R_SUCCESS); +} diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c index 4975bf318a..935f515d23 100644 --- a/lib/dns/nsec3.c +++ b/lib/dns/nsec3.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include @@ -1098,7 +1099,12 @@ dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver, INSIST(rdata.length <= sizeof(buf)); memcpy(buf, rdata.data, rdata.length); - if (buf[0] != 0 || (buf[2] & DNS_NSEC3FLAG_REMOVE) != 0 || + /* + * Private NSEC3 record length >= 6. + * <0(1), hash(1), flags(1), iterations(2), saltlen(1)> + */ + if (rdata.length < 6 || buf[0] != 0 || + (buf[2] & DNS_NSEC3FLAG_REMOVE) != 0 || (nonsec && (buf[2] & DNS_NSEC3FLAG_NONSEC) != 0)) continue; 
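Review bot: `dns_nsec_noexistnodata()` calls `(*logit)(...)` on almost every path, but its REQUIREs cover only `exists`, `data` and `nsecset`. Add `REQUIRE(logit != NULL);`, and whatever validity check the file normally applies to `name` and `nsecname`, so a bad caller fails at the contract check rather than in an indirect call. On the final "nsec range ok" path only `*exists` is written, so `*data` keeps whatever the caller left there. Either add `*data = ISC_FALSE;` next to `*exists = ISC_FALSE;` or state in the header comment that `data` is meaningful only when `*exists` is true. The early `return (result);` after `dns_rdata_tostruct()` is the one exit that logs nothing.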
@@ -1797,3 +1803,285 @@ dns_nsec3_maxiterations(dns_db_t *db, dns_dbversion_t *version, dns_rdataset_disassociate(&rdataset); return (result); } + +isc_result_t +dns_nsec3_noexistnodata(dns_rdatatype_t type, dns_name_t* name, + dns_name_t *nsec3name, dns_rdataset_t *nsec3set, + dns_name_t *zonename, isc_boolean_t *exists, + isc_boolean_t *data, isc_boolean_t *optout, + isc_boolean_t *unknown, isc_boolean_t *setclosest, + isc_boolean_t *setnearest, dns_name_t *closest, + dns_name_t *nearest, dns_nseclog_t logit, void *arg) +{ + char namebuf[DNS_NAME_FORMATSIZE]; + dns_fixedname_t fzone; + dns_fixedname_t qfixed; + dns_label_t hashlabel; + dns_name_t *qname; + dns_name_t *zone; + dns_rdata_nsec3_t nsec3; + dns_rdata_t rdata = DNS_RDATA_INIT; + int order; + int scope; + isc_boolean_t atparent; + isc_boolean_t first; + isc_boolean_t ns; + isc_boolean_t soa; + isc_buffer_t buffer; + isc_result_t answer = ISC_R_IGNORE; + isc_result_t result; + unsigned char hash[NSEC3_MAX_HASH_LENGTH]; + unsigned char owner[NSEC3_MAX_HASH_LENGTH]; + unsigned int length; + unsigned int qlabels; + unsigned int zlabels; + + REQUIRE((exists == NULL && data == NULL) || + (exists != NULL && data != NULL)); + REQUIRE(nsec3set != NULL && nsec3set->type == dns_rdatatype_nsec3); + REQUIRE((setclosest == NULL && closest == NULL) || + (setclosest != NULL && closest != NULL)); + REQUIRE((setnearest == NULL && nearest == NULL) || + (setnearest != NULL && nearest != NULL)); + + result = dns_rdataset_first(nsec3set); + if (result != ISC_R_SUCCESS) { + (*logit)(arg, ISC_LOG_DEBUG(3), "failure processing NSEC3 set"); + return (result); + } + + dns_rdataset_current(nsec3set, &rdata); + + result = dns_rdata_tostruct(&rdata, &nsec3, NULL); + if (result != ISC_R_SUCCESS) + return (result); + + (*logit)(arg, ISC_LOG_DEBUG(3), "looking for relevant NSEC3"); + + dns_fixedname_init(&fzone); + zone = dns_fixedname_name(&fzone); + zlabels = dns_name_countlabels(nsec3name); + + /* + * NSEC3 records must have two or 
more labels to be valid. + */ + if (zlabels < 2) + return (ISC_R_IGNORE); + + /* + * Strip off the NSEC3 hash to get the zone. + */ + zlabels--; + dns_name_split(nsec3name, zlabels, NULL, zone); + + /* + * If not below the zone name we can ignore this record. + */ + if (!dns_name_issubdomain(name, zone)) + return (ISC_R_IGNORE); + + /* + * Is this zone the same or deeper than the current zone? + */ + if (dns_name_countlabels(zonename) == 0 || + dns_name_issubdomain(zone, zonename)) + dns_name_copy(zone, zonename, NULL); + + if (!dns_name_equal(zone, zonename)) + return (ISC_R_IGNORE); + + /* + * Are we only looking for the most enclosing zone? + */ + if (exists == NULL || data == NULL) + return (ISC_R_SUCCESS); + + /* + * Only set unknown once we are sure that this NSEC3 is from + * the deepest covering zone. + */ + if (!dns_nsec3_supportedhash(nsec3.hash)) { + if (unknown != NULL) + *unknown = ISC_TRUE; + return (ISC_R_IGNORE); + } + + /* + * Recover the hash from the first label. + */ + dns_name_getlabel(nsec3name, 0, &hashlabel); + isc_region_consume(&hashlabel, 1); + isc_buffer_init(&buffer, owner, sizeof(owner)); + result = isc_base32hex_decoderegion(&hashlabel, &buffer); + if (result != ISC_R_SUCCESS) + return (result); + + /* + * The hash lengths should match. If not ignore the record. + */ + if (isc_buffer_usedlength(&buffer) != nsec3.next_length) + return (ISC_R_IGNORE); + + /* + * Work out what this NSEC3 covers. + * Inside (<0) or outside (>=0). + */ + scope = memcmp(owner, nsec3.next, nsec3.next_length); + + /* + * Prepare to compute all the hashes. + */ + dns_fixedname_init(&qfixed); + qname = dns_fixedname_name(&qfixed); + dns_name_downcase(name, qname, NULL); + qlabels = dns_name_countlabels(qname); + first = ISC_TRUE; + + while (qlabels >= zlabels) { + length = isc_iterated_hash(hash, nsec3.hash, nsec3.iterations, + nsec3.salt, nsec3.salt_length, + qname->ndata, qname->length); + /* + * The computed hash length should match. 
+ */ + if (length != nsec3.next_length) { + (*logit)(arg, ISC_LOG_DEBUG(3), + "ignoring NSEC bad length %u vs %u", + length, nsec3.next_length); + return (ISC_R_IGNORE); + } + + order = memcmp(hash, owner, length); + if (first && order == 0) { + /* + * The hashes are the same. + */ + atparent = dns_rdatatype_atparent(type); + ns = dns_nsec3_typepresent(&rdata, dns_rdatatype_ns); + soa = dns_nsec3_typepresent(&rdata, dns_rdatatype_soa); + if (ns && !soa) { + if (!atparent) { + /* + * This NSEC3 record is from somewhere + * higher in the DNS, and at the + * parent of a delegation. It can not + * be legitimately used here. + */ + (*logit)(arg, ISC_LOG_DEBUG(3), + "ignoring parent NSEC3"); + return (ISC_R_IGNORE); + } + } else if (atparent && ns && soa) { + /* + * This NSEC3 record is from the child. + * It can not be legitimately used here. + */ + (*logit)(arg, ISC_LOG_DEBUG(3), + "ignoring child NSEC3"); + return (ISC_R_IGNORE); + } + if (type == dns_rdatatype_cname || + type == dns_rdatatype_nxt || + type == dns_rdatatype_nsec || + type == dns_rdatatype_key || + !dns_nsec3_typepresent(&rdata, dns_rdatatype_cname)) { + *exists = ISC_TRUE; + *data = dns_nsec3_typepresent(&rdata, type); + (*logit)(arg, ISC_LOG_DEBUG(3), + "NSEC3 proves name exists (owner) " + "data=%d", *data); + return (ISC_R_SUCCESS); + } + (*logit)(arg, ISC_LOG_DEBUG(3), + "NSEC3 proves CNAME exists"); + return (ISC_R_IGNORE); + } + + if (order == 0 && + dns_nsec3_typepresent(&rdata, dns_rdatatype_ns) && + !dns_nsec3_typepresent(&rdata, dns_rdatatype_soa)) + { + /* + * This NSEC3 record is from somewhere higher in + * the DNS, and at the parent of a delegation. + * It can not be legitimately used here. + */ + (*logit)(arg, ISC_LOG_DEBUG(3), + "ignoring parent NSEC3"); + return (ISC_R_IGNORE); + } + + /* + * Potential closest encloser. 
+ */ + if (order == 0) { + if (closest != NULL && + (dns_name_countlabels(closest) == 0 || + dns_name_issubdomain(qname, closest)) && + !dns_nsec3_typepresent(&rdata, dns_rdatatype_ds) && + !dns_nsec3_typepresent(&rdata, dns_rdatatype_dname) && + (dns_nsec3_typepresent(&rdata, dns_rdatatype_soa) || + !dns_nsec3_typepresent(&rdata, dns_rdatatype_ns))) + { + + dns_name_format(qname, namebuf, + sizeof(namebuf)); + (*logit)(arg, ISC_LOG_DEBUG(3), + "NSEC3 indicates potential closest " + "encloser: '%s'", namebuf); + dns_name_copy(qname, closest, NULL); + *setclosest = ISC_TRUE; + } + dns_name_format(qname, namebuf, sizeof(namebuf)); + (*logit)(arg, ISC_LOG_DEBUG(3), + "NSEC3 at super-domain %s", namebuf); + return (answer); + } + + /* + * Find if the name does not exist. + * + * We continue as we need to find the name closest to the + * closest encloser that doesn't exist. + * + * We also need to continue to ensure that we are not + * proving the non-existence of a record in a sub-zone. + * If that would be the case we will return ISC_R_IGNORE + * above. + */ + if ((scope < 0 && order > 0 && + memcmp(hash, nsec3.next, length) < 0) || + (scope >= 0 && (order > 0 || + memcmp(hash, nsec3.next, length) < 0))) + { + char namebuf[DNS_NAME_FORMATSIZE]; + + dns_name_format(qname, namebuf, sizeof(namebuf)); + (*logit)(arg, ISC_LOG_DEBUG(3), "NSEC3 proves " + "name does not exist: '%s'", namebuf); + if (nearest != NULL && + (dns_name_countlabels(nearest) == 0 || + dns_name_issubdomain(nearest, qname))) { + dns_name_copy(qname, nearest, NULL); + *setnearest = ISC_TRUE; + } + + *exists = ISC_FALSE; + *data = ISC_FALSE; + if (optout != NULL) { + if ((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0) + (*logit)(arg, ISC_LOG_DEBUG(3), + "NSEC3 indicates optout"); + *optout = + ISC_TF(nsec3.flags & DNS_NSEC3FLAG_OPTOUT); + } + answer = ISC_R_SUCCESS; + } + + qlabels--; + if (qlabels > 0) + dns_name_split(qname, qlabels, NULL, qname); + first = ISC_FALSE; + } + return (answer); +} 
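Review bot: In `dns_nsec3_noexistnodata()` the `while (qlabels >= zlabels)` loop passes `nsec3.iterations` straight from the record to `isc_iterated_hash()` once per label, and this function checks no upper bound on it. resolver.c in this commit calls the function from `findnoqname()` on NSEC3 sets taken from the authority section of a response, apparently for data that has not been validated, so the hashing cost would be chosen by the sender. Consider ignoring the record before the loop when the count exceeds the limit the server already applies elsewhere, e.g. `if (nsec3.iterations > <MAX_ITERATIONS placeholder>) return (ISC_R_IGNORE);`. Separately, the inner `char namebuf[DNS_NAME_FORMATSIZE];` in the non-existence branch shadows the function-level `namebuf` and can be dropped, and the "ignoring NSEC bad length" message should say NSEC3.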
diff --git a/lib/dns/peer.c b/lib/dns/peer.c index c55d73dddf..ec9e08cb27 100644 --- a/lib/dns/peer.c +++ b/lib/dns/peer.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -533,7 +533,7 @@ dns_peer_setkeybycharp(dns_peer_t *peer, const char *keyval) { isc_result_t result; dns_fixedname_init(&fname); - isc_buffer_init(&b, keyval, strlen(keyval)); + isc_buffer_constinit(&b, keyval, strlen(keyval)); isc_buffer_add(&b, strlen(keyval)); result = dns_name_fromtext(dns_fixedname_name(&fname), &b, dns_rootname, 0, NULL); diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c index 4e033d66ed..eb95d14fbc 100644 --- a/lib/dns/rbt.c +++ b/lib/dns/rbt.c @@ -1537,6 +1537,8 @@ rehash(dns_rbt_t *rbt) { return; } + INSIST(rbt->hashsize > 0); + for (i = 0; i < rbt->hashsize; i++) rbt->hashtable[i] = NULL; @@ -1947,6 +1949,7 @@ dns_rbt_deletefromlevel(dns_rbtnode_t *delete, dns_rbtnode_t **rootp) { COLOR(sibling) = COLOR(parent); MAKE_BLACK(parent); + INSIST(RIGHT(sibling) != NULL); MAKE_BLACK(RIGHT(sibling)); rotate_left(parent, rootp); child = *rootp; @@ -1984,6 +1987,7 @@ dns_rbt_deletefromlevel(dns_rbtnode_t *delete, dns_rbtnode_t **rootp) { COLOR(sibling) = COLOR(parent); MAKE_BLACK(parent); + INSIST(LEFT(sibling) != NULL); MAKE_BLACK(LEFT(sibling)); rotate_right(parent, rootp); child = *rootp; diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c index 4a0fcc6af7..af7cddb3bd 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -6224,6 +6224,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, * will do it on the LRU side, so memory * will not leak... for long. */ + INSIST(rbtdb->heaps != NULL); isc_heap_insert(rbtdb->heaps[idx], newheader); } else if (RESIGN(newheader)) resign_insert(rbtdb, idx, newheader); 
diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c index b6e715eff0..ea9190faa6 100644 --- a/lib/dns/rdata.c +++ b/lib/dns/rdata.c @@ -620,6 +620,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, dns_rdataclass_t rdclass, void (*callback)(dns_rdatacallbacks_t *, const char *, ...); isc_result_t tresult; size_t length; + isc_boolean_t unknown; REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE); if (rdata != NULL) { @@ -647,13 +648,33 @@ dns_rdata_fromtext(dns_rdata_t *rdata, dns_rdataclass_t rdclass, return (result); } - if (strcmp(DNS_AS_STR(token), "\\#") == 0) - result = unknown_fromtext(rdclass, type, lexer, mctx, target); - else { + unknown = ISC_FALSE; + if (token.type == isc_tokentype_string && + strcmp(DNS_AS_STR(token), "\\#") == 0) { + /* + * If this is a TXT record '\#' could be a escaped '#'. + * Look to see if the next token is a number and if so + * treat it as a unknown record format. + */ + if (type == dns_rdatatype_txt) { + result = isc_lex_getmastertoken(lexer, &token, + isc_tokentype_number, + ISC_FALSE); + if (result == ISC_R_SUCCESS) + isc_lex_ungettoken(lexer, &token); + } + + if (result == ISC_R_SUCCESS) { + unknown = ISC_TRUE; + result = unknown_fromtext(rdclass, type, lexer, + mctx, target); + } else + options |= DNS_RDATA_UNKNOWNESCAPE; + } else isc_lex_ungettoken(lexer, &token); + if (!unknown) FROMTEXTSWITCH - } /* * Consume to end of line / file. diff --git a/lib/dns/rdata/generic/txt_16.c b/lib/dns/rdata/generic/txt_16.c index c49864e670..e1bce6a0de 100644 --- a/lib/dns/rdata/generic/txt_16.c +++ b/lib/dns/rdata/generic/txt_16.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007-2009, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any 
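Review bot: In `dns_rdata_fromtext()` every failure of the look-ahead `isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)` is taken to mean that `\#` was an escaped `#` in a TXT record, and `DNS_RDATA_UNKNOWNESCAPE` is set. A lexer failure unrelated to the token's type then falls through to `FROMTEXTSWITCH` instead of being returned. It would be safer to set the flag only for the result that means "next token is not a number" and `return (result);` for anything else. `DNS_RDATA_UNKNOWNESCAPE` also lives in the caller-supplied `options` word, so a comment at its definition saying it is internal to `dns_rdata_fromtext()` and `fromtext_txt()`, or clearing it on entry, would keep a caller from setting it by accident. The function body continues outside this hunk.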
@@ -38,6 +38,13 @@ fromtext_txt(ARGS_FROMTEXT) { UNUSED(callbacks); strings = 0; + if ((options & DNS_RDATA_UNKNOWNESCAPE) != 0) { + isc_textregion_t r; + DE_CONST("#", r.base); + r.length = 1; + RETERR(txt_fromtext(&r, target)); + strings++; + } for (;;) { RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_qstring, diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index 9ad8a7e3f5..991c68e8cb 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -21,6 +21,7 @@ #include +#include #include #include #include @@ -43,6 +44,8 @@ #include #include #include +#include +#include #include #include #include @@ -76,7 +79,7 @@ DNS_LOGCATEGORY_RESOLVER, \ DNS_LOGMODULE_RESOLVER, \ ISC_LOG_DEBUG(3), \ - "fctx %p(%s'): %s", fctx, fctx->info, (m)) + "fctx %p(%s): %s", fctx, fctx->info, (m)) #define FCTXTRACE2(m1, m2) \ isc_log_write(dns_lctx, \ DNS_LOGCATEGORY_RESOLVER, \ @@ -474,6 +477,9 @@ static void validated(isc_task_t *task, isc_event_t *event); static isc_boolean_t maybe_destroy(fetchctx_t *fctx, isc_boolean_t locked); static void add_bad(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, isc_result_t reason, badnstype_t badtype); +static inline isc_result_t findnoqname(fetchctx_t *fctx, dns_name_t *name, + dns_rdatatype_t type, + dns_name_t **noqname); /*% * Increment resolver-related statistics counters. @@ -4243,7 +4249,6 @@ validated(isc_task_t *task, isc_event_t *event) { FCTXTRACE("validation OK"); if (vevent->proofs[DNS_VALIDATOR_NOQNAMEPROOF] != NULL) { - result = dns_rdataset_addnoqname(vevent->rdataset, vevent->proofs[DNS_VALIDATOR_NOQNAMEPROOF]); RUNTIME_CHECK(result == ISC_R_SUCCESS); 
@@ -4254,6 +4259,18 @@ validated(isc_task_t *task, isc_event_t *event) { vevent->proofs[DNS_VALIDATOR_CLOSESTENCLOSER]); RUNTIME_CHECK(result == ISC_R_SUCCESS); } + } else if (vevent->rdataset->trust == dns_trust_answer && + vevent->rdataset->type != dns_rdatatype_rrsig) + { + isc_result_t tresult; + dns_name_t *noqname = NULL; + tresult = findnoqname(fctx, vevent->name, + vevent->rdataset->type, &noqname); + if (tresult == ISC_R_SUCCESS && noqname != NULL) { + tresult = dns_rdataset_addnoqname(vevent->rdataset, + noqname); + RUNTIME_CHECK(tresult == ISC_R_SUCCESS); + } } /* 
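Review bot: The new `else if` branch in `validated()` wraps `dns_rdataset_addnoqname()` in `RUNTIME_CHECK(tresult == ISC_R_SUCCESS)`, so a failure to attach an optional NOQNAME proof to `dns_trust_answer` data terminates the server. The same pattern is added in the later `cache_name()` hunk. Whether the call can fail on this path is not visible from the hunk, but because the proof is best-effort here, logging and continuing is the safer response, e.g. `if (tresult != ISC_R_SUCCESS) FCTXTRACE("addnoqname failed");`. `validated()` begins and ends outside this hunk.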
@@ -4394,6 +4411,133 @@ validated(isc_task_t *task, isc_event_t *event) { isc_event_free(&event); } +static void +fctx_log(void *arg, int level, const char *fmt, ...) { + char msgbuf[2048]; + va_list args; + fetchctx_t *fctx = arg; + + va_start(args, fmt); + vsnprintf(msgbuf, sizeof(msgbuf), fmt, args); + va_end(args); + + isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER, + DNS_LOGMODULE_RESOLVER, level, + "fctx %p(%s): %s", fctx, fctx->info, msgbuf); +} + +static inline isc_result_t +findnoqname(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type, + dns_name_t **noqname) +{ + dns_rdataset_t *nrdataset, *next, *sigrdataset; + dns_rdata_rrsig_t rrsig; + isc_result_t result; + unsigned int labels; + dns_section_t section; + dns_name_t *zonename; + dns_fixedname_t fzonename; + dns_name_t *closest; + dns_fixedname_t fclosest; + dns_name_t *nearest; + dns_fixedname_t fnearest; + + FCTXTRACE("findnoqname"); + + REQUIRE(noqname != NULL && *noqname == NULL); + + /* + * Find the SIG for this rdataset, if we have it. + */ + for (sigrdataset = ISC_LIST_HEAD(name->list); + sigrdataset != NULL; + sigrdataset = ISC_LIST_NEXT(sigrdataset, link)) { + if (sigrdataset->type == dns_rdatatype_rrsig && + sigrdataset->covers == type) + break; + } + + if (sigrdataset == NULL) + return (ISC_R_NOTFOUND); + + labels = dns_name_countlabels(name); + + for (result = dns_rdataset_first(sigrdataset); + result == ISC_R_SUCCESS; + result = dns_rdataset_next(sigrdataset)) { + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdataset_current(sigrdataset, &rdata); + result = dns_rdata_tostruct(&rdata, &rrsig, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + /* Wildcard has rrsig.labels < labels - 1. 
*/ + if (rrsig.labels + 1U >= labels) + continue; + break; + } + + if (result == ISC_R_NOMORE) + return (ISC_R_NOTFOUND); + if (result != ISC_R_SUCCESS) + return (result); + + dns_fixedname_init(&fzonename); + zonename = dns_fixedname_name(&fzonename); + dns_fixedname_init(&fclosest); + closest = dns_fixedname_name(&fclosest); + dns_fixedname_init(&fnearest); + nearest = dns_fixedname_name(&fnearest); + +#define NXND(x) ((x) == ISC_R_SUCCESS) + + section = DNS_SECTION_AUTHORITY; + for (result = dns_message_firstname(fctx->rmessage, section); + result == ISC_R_SUCCESS; + result = dns_message_nextname(fctx->rmessage, section)) { + dns_name_t *nsec = NULL; + dns_message_currentname(fctx->rmessage, section, &nsec); + for (nrdataset = ISC_LIST_HEAD(nsec->list); + nrdataset != NULL; nrdataset = next) { + isc_boolean_t data = ISC_FALSE, exists = ISC_FALSE; + isc_boolean_t optout = ISC_FALSE, unknown = ISC_FALSE; + isc_boolean_t setclosest = ISC_FALSE; + isc_boolean_t setnearest = ISC_FALSE; + char namebuf[DNS_NAME_FORMATSIZE]; + + next = ISC_LIST_NEXT(nrdataset, link); + if (nrdataset->type != dns_rdatatype_nsec && + nrdataset->type != dns_rdatatype_nsec3) + continue; + dns_name_format(nsec, namebuf, sizeof(namebuf)); + if (nrdataset->type == dns_rdatatype_nsec && + NXND(dns_nsec_noexistnodata(type, name, nsec, + nrdataset, &exists, + &data, NULL, fctx_log, + fctx))) + { + if (!exists) + *noqname = nsec; + } + + if (nrdataset->type == dns_rdatatype_nsec3 && + NXND(dns_nsec3_noexistnodata(type, name, nsec, + nrdataset, zonename, + &exists, &data, + &optout, &unknown, + &setclosest, + &setnearest, + closest, nearest, + fctx_log, fctx))) + { + if (!exists && setnearest) + *noqname = nsec; + } + } + } + if (result == ISC_R_NOMORE) + result = ISC_R_SUCCESS; + return (result); +} + static inline isc_result_t cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, isc_stdtime_t now) 
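Review bot: In `findnoqname()` the inner loop declares `char namebuf[DNS_NAME_FORMATSIZE]` and calls `dns_name_format(nsec, namebuf, sizeof(namebuf))` for every NSEC/NSEC3 rdataset, but `namebuf` is never read afterwards; both lines can be removed. `fctx_log()` is a printf-style wrapper defined without an `ISC_FORMAT_PRINTF(3, 4)` declaration, unlike `validator_log()`, so its format strings go unchecked. `*noqname` is overwritten on every matching set, so the last match in the authority section wins; a comment stating whether that is intended would help the next reader.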
@@ -4526,6 +4670,17 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, if (rdataset->ttl > res->view->maxcachettl) rdataset->ttl = res->view->maxcachettl; + /* + * Find the SIG for this rdataset, if we have it. + */ + for (sigrdataset = ISC_LIST_HEAD(name->list); + sigrdataset != NULL; + sigrdataset = ISC_LIST_NEXT(sigrdataset, link)) { + if (sigrdataset->type == dns_rdatatype_rrsig && + sigrdataset->covers == rdataset->type) + break; + } + /* * If this RRset is in a secure domain, is in bailiwick, * and is not glue, attempt DNSSEC validation. (We do not @@ -4546,16 +4701,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, */ if (rdataset->type == dns_rdatatype_rrsig) continue; - /* - * Find the SIG for this rdataset, if we have it. - */ - for (sigrdataset = ISC_LIST_HEAD(name->list); - sigrdataset != NULL; - sigrdataset = ISC_LIST_NEXT(sigrdataset, link)) { - if (sigrdataset->type == dns_rdatatype_rrsig && - sigrdataset->covers == rdataset->type) - break; - } + if (sigrdataset == NULL) { if (!ANSWER(rdataset) && need_validation) { /* @@ -4716,6 +4862,21 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, options = DNS_DBADD_FORCE; } else options = 0; + + if (ANSWER(rdataset) && + rdataset->type != dns_rdatatype_rrsig) { + isc_result_t tresult; + dns_name_t *noqname = NULL; + tresult = findnoqname(fctx, name, + rdataset->type, &noqname); + if (tresult == ISC_R_SUCCESS && + noqname != NULL) { + tresult = dns_rdataset_addnoqname( + rdataset, noqname); + RUNTIME_CHECK(tresult == ISC_R_SUCCESS); + } + } + /* * Now we can add the rdataset. */ @@ -4724,6 +4885,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, rdataset, options, addedrdataset); + if (result == DNS_R_UNCHANGED) { if (ANSWER(rdataset) && ardataset != NULL && diff --git a/lib/dns/result.c b/lib/dns/result.c index 192ea06b89..31d5ef3642 100644 --- a/lib/dns/result.c +++ b/lib/dns/result.c 
@@ -160,8 +160,9 @@ static const char *text[DNS_R_NRESULTS] = { "not master", /*%< 105 DNS_R_NOTMASTER */ "broken trust chain", /*%< 106 DNS_R_BROKENCHAIN */ - "expired", /*%< 106 DNS_R_EXPIRED */ - "not dynamic", /*%< 107 DNS_R_NOTDYNAMIC */ + "expired", /*%< 107 DNS_R_EXPIRED */ + "not dynamic", /*%< 108 DNS_R_NOTDYNAMIC */ + "unsafe name", /*%< 109 DNS_R_UNSAFENAME */ }; static const char *rcode_text[DNS_R_NRCODERESULTS] = { diff --git a/lib/dns/rootns.c b/lib/dns/rootns.c index 9b25369daa..ea2c182140 100644 --- a/lib/dns/rootns.c +++ b/lib/dns/rootns.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2008, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008, 2010, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -63,7 +63,7 @@ static char root_ns[] = "A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:BA3E::2:30\n" "B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201\n" "C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12\n" -"D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90\n" +"D.ROOT-SERVERS.NET. 3600000 IN A 199.7.91.13\n" "E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10\n" "F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241\n" "F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2F::F\n" diff --git a/lib/dns/sdb.c b/lib/dns/sdb.c index 3dd1c46e51..191fda219f 100644 --- a/lib/dns/sdb.c +++ b/lib/dns/sdb.c @@ -382,7 +382,7 @@ dns_sdb_putrr(dns_sdblookup_t *lookup, const char *type, dns_ttl_t ttl, datalen = strlen(data); size = initial_size(datalen); do { - isc_buffer_init(&b, data, datalen); + isc_buffer_constinit(&b, data, datalen); isc_buffer_add(&b, datalen); result = isc_lex_openbuffer(lex, &b); if (result != ISC_R_SUCCESS) 
@@ -448,7 +448,7 @@ getnode(dns_sdballnodes_t *allnodes, const char *name, dns_sdbnode_t **nodep) { origin = &sdb->common.origin; else origin = dns_rootname; - isc_buffer_init(&b, name, strlen(name)); + isc_buffer_constinit(&b, name, strlen(name)); isc_buffer_add(&b, strlen(name)); result = dns_name_fromtext(newname, &b, origin, 0, NULL); diff --git a/lib/dns/sdlz.c b/lib/dns/sdlz.c index a9b95240c5..9d4e615802 100644 --- a/lib/dns/sdlz.c +++ b/lib/dns/sdlz.c @@ -1841,7 +1841,7 @@ dns_sdlz_putrr(dns_sdlzlookup_t *lookup, const char *type, dns_ttl_t ttl, size = initial_size(data); do { - isc_buffer_init(&b, data, strlen(data)); + isc_buffer_constinit(&b, data, strlen(data)); isc_buffer_add(&b, strlen(data)); result = isc_lex_openbuffer(lex, &b); @@ -1907,7 +1907,7 @@ dns_sdlz_putnamedrr(dns_sdlzallnodes_t *allnodes, const char *name, origin = &sdlz->common.origin; else origin = dns_rootname; - isc_buffer_init(&b, name, strlen(name)); + isc_buffer_constinit(&b, name, strlen(name)); isc_buffer_add(&b, strlen(name)); result = dns_name_fromtext(newname, &b, origin, 0, NULL); diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c index 4136cbb020..601511b557 100644 --- a/lib/dns/spnego.c +++ b/lib/dns/spnego.c @@ -1553,6 +1553,11 @@ spnego_initial(OM_uint32 *minor_status, buf_size = 1024; buf = malloc(buf_size); + if (buf == NULL) { + *minor_status = ENOMEM; + ret = GSS_S_FAILURE; + goto end; + } do { ret = encode_NegTokenInit(buf + buf_size - 1, diff --git a/lib/dns/spnego_asn1.c b/lib/dns/spnego_asn1.c index 75c2304d8e..f7d761ae61 100644 --- a/lib/dns/spnego_asn1.c +++ b/lib/dns/spnego_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2006, 2007, 2012 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
@@ -53,10 +53,10 @@ typedef struct oid { (R) = ENOMEM; \ } else { \ (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \ - (S), (L)); \ + (S), (L)); \ if((R) != 0) { \ - free((B)); \ - (B) = NULL; \ + free((B)); \ + (B) = NULL; \ } \ } \ } while (0) @@ -269,8 +269,14 @@ decode_MechTypeList(const unsigned char *p, size_t len, MechTypeList * data, siz (data)->len = 0; (data)->val = NULL; while (ret < origlen) { + void *old = (data)->val; (data)->len++; (data)->val = realloc((data)->val, sizeof(*((data)->val)) * (data)->len); + if ((data)->val == NULL) { + (data)->val = old; + (data)->len--; + return ENOMEM; + } e = decode_MechType(p, len, &(data)->val[(data)->len - 1], &l); FORW; len = origlen - ret; diff --git a/lib/dns/tests/dbiterator_test.c b/lib/dns/tests/dbiterator_test.c index 50fa9a251f..dc7b37058a 100644 --- a/lib/dns/tests/dbiterator_test.c +++ b/lib/dns/tests/dbiterator_test.c @@ -42,7 +42,7 @@ static isc_result_t make_name(const char *src, dns_name_t *name) { isc_buffer_t b; - isc_buffer_init(&b, src, strlen(src)); + isc_buffer_constinit(&b, src, strlen(src)); isc_buffer_add(&b, strlen(src)); return (dns_name_fromtext(name, &b, dns_rootname, 0, NULL)); } diff --git a/lib/dns/tests/dnstest.c b/lib/dns/tests/dnstest.c index 7235a49541..e403083457 100644 --- a/lib/dns/tests/dnstest.c +++ b/lib/dns/tests/dnstest.c @@ -214,7 +214,7 @@ dns_test_makezone(const char *name, dns_zone_t **zonep, dns_view_t *view, CHECK(dns_zone_create(&zone, mctx)); - isc_buffer_init(&buffer, name, strlen(name)); + isc_buffer_constinit(&buffer, name, strlen(name)); isc_buffer_add(&buffer, strlen(name)); dns_fixedname_init(&fixorigin); origin = dns_fixedname_name(&fixorigin); diff --git a/lib/dns/tests/master_test.c b/lib/dns/tests/master_test.c index 32b9b76850..d4f2c86de6 100644 --- a/lib/dns/tests/master_test.c +++ b/lib/dns/tests/master_test.c 
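Review bot: In `decode_MechTypeList()` the new out-of-memory branch restores `(data)->val` and `(data)->len` and then does `return ENOMEM;` directly, so elements decoded on earlier iterations stay allocated in `data`. If the function has a common failure exit that releases partial results (none is visible in this hunk, though `FORW` suggests one), this return bypasses it and those entries leak unless every caller frees `data` on error. The size passed to `realloc()` is `sizeof(*((data)->val)) * (data)->len` with no overflow check. `len` grows by one per decoded element, so it is bounded by the input, but a guard before the multiplication would make that explicit.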
@@ -555,6 +555,28 @@ ATF_TC_BODY(dumpraw, tc) { dns_test_end(); } +/* Origin change test */ +ATF_TC(neworigin); +ATF_TC_HEAD(neworigin, tc) { + atf_tc_set_md_var(tc, "descr", "dns_master_loadfile() rejects " + "zones with inherited name following " + "$ORIGIN"); +} +ATF_TC_BODY(neworigin, tc) { + isc_result_t result; + + UNUSED(tc); + + result = dns_test_begin(NULL, ISC_FALSE); + ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); + + result = test_master("testdata/master/master17.data", + dns_masterformat_text); + ATF_REQUIRE_EQ(result, DNS_R_UNSAFENAME); + + dns_test_end(); +} + /* * Main */ @@ -575,6 +597,7 @@ ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, dumpraw); ATF_TP_ADD_TC(tp, toobig); ATF_TP_ADD_TC(tp, maxrdata); + ATF_TP_ADD_TC(tp, neworigin); return (atf_no_error()); } diff --git a/lib/dns/tests/testdata/master/master17.data b/lib/dns/tests/testdata/master/master17.data new file mode 100644 index 0000000000..4b2b63d253 --- /dev/null +++ b/lib/dns/tests/testdata/master/master17.data @@ -0,0 +1,14 @@ +$ORIGIN test. +$TTL 1000 +@ in soa localhost. postmaster.localhost. ( + 1993050801 ;serial + 3600 ;refresh + 1800 ;retry + 604800 ;expiration + 3600 ) ;minimum + in ns ns.test. + in ns ns2.test. + in ns ns3.test. +b in a 1.2.3.4 +$ORIGIN sub.test. + in a 4.3.2.1 diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c index 31b5cc3b8a..cc781993fb 100644 --- a/lib/dns/tsig.c +++ b/lib/dns/tsig.c @@ -974,6 +974,13 @@ dns_tsig_sign(dns_message_t *msg) { if (ret != ISC_R_SUCCESS) goto cleanup_context; } +#if defined(__clang__) && \ + ( __clang_major__ < 3 || \ + (__clang_major__ == 3 && __clang_minor__ < 2) || \ + (__clang_major__ == 4 && __clang_minor__ < 2)) + /* false positive: http://llvm.org/bugs/show_bug.cgi?id=14461 */ + else memset(&querytsig, 0, sizeof(querytsig)); +#endif /* * Digest the header. 
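Review bot: The added `else memset(&querytsig, 0, sizeof(querytsig));` in `dns_tsig_sign` is an `else` branch that exists only for some compiler versions, and it hangs off an `if` whose head is outside this hunk. The same block is repeated in the `dns_tsig_verify` hunk. A statement later inserted between the closing brace and the `#if` would break only the old-clang build. As far as the hunk shows, zeroing the structure is harmless, so the branch could be unconditional and braced, `} else { memset(&querytsig, 0, sizeof(querytsig)); }`, keeping the LLVM bug reference as the reason. If the version test stays, the comment should say which compilers the `__clang_major__ == 4 && __clang_minor__ < 2` clause is meant to match.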
@@ -1229,6 +1236,13 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, if (ret != ISC_R_SUCCESS) return (ret); } +#if defined(__clang__) && \ + ( __clang_major__ < 3 || \ + (__clang_major__ == 3 && __clang_minor__ < 2) || \ + (__clang_major__ == 4 && __clang_minor__ < 2)) + /* false positive: http://llvm.org/bugs/show_bug.cgi?id=14461 */ + else memset(&querytsig, 0, sizeof(querytsig)); +#endif /* * Do the key name and algorithm match that of the query? diff --git a/lib/dns/validator.c b/lib/dns/validator.c index f65f8fff1e..b76dae6f46 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -157,7 +157,7 @@ validator_logv(dns_validator_t *val, isc_logcategory_t *category, ISC_FORMAT_PRINTF(5, 0); static void -validator_log(dns_validator_t *val, int level, const char *fmt, ...) +validator_log(void *val, int level, const char *fmt, ...) ISC_FORMAT_PRINTF(3, 4); static void 
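Review bot: Declaring `validator_log` with `void *val` removes the compiler's check that callers pass a `dns_validator_t *`, and neither this prototype nor the matching definition later in the diff says why. The change looks intended to let the function be handed to `dns_nsec_noexistnodata()` and `dns_nsec3_noexistnodata()` as their logging callback together with `val`. I would add a comment on the prototype, `/* 'val' is void * to match the NSEC logging callback; it must point to a dns_validator_t. */`, and have the definition convert once into a typed local before use. The body of the definition continues outside its hunk, so how `val` is used there is not visible.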
@@ -850,452 +850,6 @@ cnamevalidated(isc_task_t *task, isc_event_t *event) { destroy(val); } -/*% - * Return ISC_R_SUCCESS if we can determine that the name doesn't exist - * or we can determine whether there is data or not at the name. - * If the name does not exist return the wildcard name. - * - * Return ISC_R_IGNORE when the NSEC is not the appropriate one. - */ -static isc_result_t -nsecnoexistnodata(dns_validator_t *val, dns_name_t *name, dns_name_t *nsecname, - dns_rdataset_t *nsecset, isc_boolean_t *exists, - isc_boolean_t *data, dns_name_t *wild) -{ - int order; - dns_rdata_t rdata = DNS_RDATA_INIT; - isc_result_t result; - dns_namereln_t relation; - unsigned int olabels, nlabels, labels; - dns_rdata_nsec_t nsec; - isc_boolean_t atparent; - isc_boolean_t ns; - isc_boolean_t soa; - - REQUIRE(exists != NULL); - REQUIRE(data != NULL); - REQUIRE(nsecset != NULL && - nsecset->type == dns_rdatatype_nsec); - - result = dns_rdataset_first(nsecset); - if (result != ISC_R_SUCCESS) { - validator_log(val, ISC_LOG_DEBUG(3), - "failure processing NSEC set"); - return (result); - } - dns_rdataset_current(nsecset, &rdata); - - validator_log(val, ISC_LOG_DEBUG(3), "looking for relevant nsec"); - relation = dns_name_fullcompare(name, nsecname, &order, &olabels); - - if (order < 0) { - /* - * The name is not within the NSEC range. - */ - validator_log(val, ISC_LOG_DEBUG(3), - "NSEC does not cover name, before NSEC"); - return (ISC_R_IGNORE); - } - - if (order == 0) { - /* - * The names are the same. If we are validating "." - * then atparent should not be set as there is no parent. - */ - atparent = (olabels != 1) && - dns_rdatatype_atparent(val->event->type); - ns = dns_nsec_typepresent(&rdata, dns_rdatatype_ns); - soa = dns_nsec_typepresent(&rdata, dns_rdatatype_soa); - if (ns && !soa) { - if (!atparent) { - /* - * This NSEC record is from somewhere higher in - * the DNS, and at the parent of a delegation. - * It can not be legitimately used here. 
- */ - validator_log(val, ISC_LOG_DEBUG(3), - "ignoring parent nsec"); - return (ISC_R_IGNORE); - } - } else if (atparent && ns && soa) { - /* - * This NSEC record is from the child. - * It can not be legitimately used here. - */ - validator_log(val, ISC_LOG_DEBUG(3), - "ignoring child nsec"); - return (ISC_R_IGNORE); - } - if (val->event->type == dns_rdatatype_cname || - val->event->type == dns_rdatatype_nxt || - val->event->type == dns_rdatatype_nsec || - val->event->type == dns_rdatatype_key || - !dns_nsec_typepresent(&rdata, dns_rdatatype_cname)) { - *exists = ISC_TRUE; - *data = dns_nsec_typepresent(&rdata, val->event->type); - validator_log(val, ISC_LOG_DEBUG(3), - "nsec proves name exists (owner) data=%d", - *data); - return (ISC_R_SUCCESS); - } - validator_log(val, ISC_LOG_DEBUG(3), "NSEC proves CNAME exists"); - return (ISC_R_IGNORE); - } - - if (relation == dns_namereln_subdomain && - dns_nsec_typepresent(&rdata, dns_rdatatype_ns) && - !dns_nsec_typepresent(&rdata, dns_rdatatype_soa)) - { - /* - * This NSEC record is from somewhere higher in - * the DNS, and at the parent of a delegation. - * It can not be legitimately used here. - */ - validator_log(val, ISC_LOG_DEBUG(3), "ignoring parent nsec"); - return (ISC_R_IGNORE); - } - - result = dns_rdata_tostruct(&rdata, &nsec, NULL); - if (result != ISC_R_SUCCESS) - return (result); - relation = dns_name_fullcompare(&nsec.next, name, &order, &nlabels); - if (order == 0) { - dns_rdata_freestruct(&nsec); - validator_log(val, ISC_LOG_DEBUG(3), - "ignoring nsec matches next name"); - return (ISC_R_IGNORE); - } - - if (order < 0 && !dns_name_issubdomain(nsecname, &nsec.next)) { - /* - * The name is not within the NSEC range. 
- */ - dns_rdata_freestruct(&nsec); - validator_log(val, ISC_LOG_DEBUG(3), - "ignoring nsec because name is past end of range"); - return (ISC_R_IGNORE); - } - - if (order > 0 && relation == dns_namereln_subdomain) { - validator_log(val, ISC_LOG_DEBUG(3), - "nsec proves name exist (empty)"); - dns_rdata_freestruct(&nsec); - *exists = ISC_TRUE; - *data = ISC_FALSE; - return (ISC_R_SUCCESS); - } - if (wild != NULL) { - dns_name_t common; - dns_name_init(&common, NULL); - if (olabels > nlabels) { - labels = dns_name_countlabels(nsecname); - dns_name_getlabelsequence(nsecname, labels - olabels, - olabels, &common); - } else { - labels = dns_name_countlabels(&nsec.next); - dns_name_getlabelsequence(&nsec.next, labels - nlabels, - nlabels, &common); - } - result = dns_name_concatenate(dns_wildcardname, &common, - wild, NULL); - if (result != ISC_R_SUCCESS) { - dns_rdata_freestruct(&nsec); - validator_log(val, ISC_LOG_DEBUG(3), - "failure generating wildcard name"); - return (result); - } - } - dns_rdata_freestruct(&nsec); - validator_log(val, ISC_LOG_DEBUG(3), "nsec range ok"); - *exists = ISC_FALSE; - return (ISC_R_SUCCESS); -} - -static isc_result_t -nsec3noexistnodata(dns_validator_t *val, dns_name_t* name, - dns_name_t *nsec3name, dns_rdataset_t *nsec3set, - dns_name_t *zonename, isc_boolean_t *exists, - isc_boolean_t *data, isc_boolean_t *optout, - isc_boolean_t *unknown, isc_boolean_t *setclosest, - isc_boolean_t *setnearest, dns_name_t *closest, - dns_name_t *nearest) -{ - char namebuf[DNS_NAME_FORMATSIZE]; - dns_fixedname_t fzone; - dns_fixedname_t qfixed; - dns_label_t hashlabel; - dns_name_t *qname; - dns_name_t *zone; - dns_rdata_nsec3_t nsec3; - dns_rdata_t rdata = DNS_RDATA_INIT; - int order; - int scope; - isc_boolean_t atparent; - isc_boolean_t first; - isc_boolean_t ns; - isc_boolean_t soa; - isc_buffer_t buffer; - isc_result_t answer = ISC_R_IGNORE; - isc_result_t result; - unsigned char hash[NSEC3_MAX_HASH_LENGTH]; - unsigned char 
owner[NSEC3_MAX_HASH_LENGTH]; - unsigned int length; - unsigned int qlabels; - unsigned int zlabels; - - REQUIRE((exists == NULL && data == NULL) || - (exists != NULL && data != NULL)); - REQUIRE(nsec3set != NULL && nsec3set->type == dns_rdatatype_nsec3); - REQUIRE((setclosest == NULL && closest == NULL) || - (setclosest != NULL && closest != NULL)); - REQUIRE((setnearest == NULL && nearest == NULL) || - (setnearest != NULL && nearest != NULL)); - - result = dns_rdataset_first(nsec3set); - if (result != ISC_R_SUCCESS) { - validator_log(val, ISC_LOG_DEBUG(3), - "failure processing NSEC3 set"); - return (result); - } - - dns_rdataset_current(nsec3set, &rdata); - - result = dns_rdata_tostruct(&rdata, &nsec3, NULL); - if (result != ISC_R_SUCCESS) - return (result); - - validator_log(val, ISC_LOG_DEBUG(3), "looking for relevant NSEC3"); - - dns_fixedname_init(&fzone); - zone = dns_fixedname_name(&fzone); - zlabels = dns_name_countlabels(nsec3name); - - /* - * NSEC3 records must have two or more labels to be valid. - */ - if (zlabels < 2) - return (ISC_R_IGNORE); - - /* - * Strip off the NSEC3 hash to get the zone. - */ - zlabels--; - dns_name_split(nsec3name, zlabels, NULL, zone); - - /* - * If not below the zone name we can ignore this record. - */ - if (!dns_name_issubdomain(name, zone)) - return (ISC_R_IGNORE); - - /* - * Is this zone the same or deeper than the current zone? - */ - if (dns_name_countlabels(zonename) == 0 || - dns_name_issubdomain(zone, zonename)) - dns_name_copy(zone, zonename, NULL); - - if (!dns_name_equal(zone, zonename)) - return (ISC_R_IGNORE); - - /* - * Are we only looking for the most enclosing zone? - */ - if (exists == NULL || data == NULL) - return (ISC_R_SUCCESS); - - /* - * Only set unknown once we are sure that this NSEC3 is from - * the deepest covering zone. - */ - if (!dns_nsec3_supportedhash(nsec3.hash)) { - if (unknown != NULL) - *unknown = ISC_TRUE; - return (ISC_R_IGNORE); - } - - /* - * Recover the hash from the first label. 
- */ - dns_name_getlabel(nsec3name, 0, &hashlabel); - isc_region_consume(&hashlabel, 1); - isc_buffer_init(&buffer, owner, sizeof(owner)); - result = isc_base32hex_decoderegion(&hashlabel, &buffer); - if (result != ISC_R_SUCCESS) - return (result); - - /* - * The hash lengths should match. If not ignore the record. - */ - if (isc_buffer_usedlength(&buffer) != nsec3.next_length) - return (ISC_R_IGNORE); - - /* - * Work out what this NSEC3 covers. - * Inside (<0) or outside (>=0). - */ - scope = memcmp(owner, nsec3.next, nsec3.next_length); - - /* - * Prepare to compute all the hashes. - */ - dns_fixedname_init(&qfixed); - qname = dns_fixedname_name(&qfixed); - dns_name_downcase(name, qname, NULL); - qlabels = dns_name_countlabels(qname); - first = ISC_TRUE; - - while (qlabels >= zlabels) { - length = isc_iterated_hash(hash, nsec3.hash, nsec3.iterations, - nsec3.salt, nsec3.salt_length, - qname->ndata, qname->length); - /* - * The computed hash length should match. - */ - if (length != nsec3.next_length) { - validator_log(val, ISC_LOG_DEBUG(3), - "ignoring NSEC bad length %u vs %u", - length, nsec3.next_length); - return (ISC_R_IGNORE); - } - - order = memcmp(hash, owner, length); - if (first && order == 0) { - /* - * The hashes are the same. - */ - atparent = dns_rdatatype_atparent(val->event->type); - ns = dns_nsec3_typepresent(&rdata, dns_rdatatype_ns); - soa = dns_nsec3_typepresent(&rdata, dns_rdatatype_soa); - if (ns && !soa) { - if (!atparent) { - /* - * This NSEC3 record is from somewhere - * higher in the DNS, and at the - * parent of a delegation. It can not - * be legitimately used here. - */ - validator_log(val, ISC_LOG_DEBUG(3), - "ignoring parent NSEC3"); - return (ISC_R_IGNORE); - } - } else if (atparent && ns && soa) { - /* - * This NSEC3 record is from the child. - * It can not be legitimately used here. 
- */ - validator_log(val, ISC_LOG_DEBUG(3), - "ignoring child NSEC3"); - return (ISC_R_IGNORE); - } - if (val->event->type == dns_rdatatype_cname || - val->event->type == dns_rdatatype_nxt || - val->event->type == dns_rdatatype_nsec || - val->event->type == dns_rdatatype_key || - !dns_nsec3_typepresent(&rdata, dns_rdatatype_cname)) { - *exists = ISC_TRUE; - *data = dns_nsec3_typepresent(&rdata, - val->event->type); - validator_log(val, ISC_LOG_DEBUG(3), - "NSEC3 proves name exists (owner) " - "data=%d", *data); - return (ISC_R_SUCCESS); - } - validator_log(val, ISC_LOG_DEBUG(3), - "NSEC3 proves CNAME exists"); - return (ISC_R_IGNORE); - } - - if (order == 0 && - dns_nsec3_typepresent(&rdata, dns_rdatatype_ns) && - !dns_nsec3_typepresent(&rdata, dns_rdatatype_soa)) - { - /* - * This NSEC3 record is from somewhere higher in - * the DNS, and at the parent of a delegation. - * It can not be legitimately used here. - */ - validator_log(val, ISC_LOG_DEBUG(3), - "ignoring parent NSEC3"); - return (ISC_R_IGNORE); - } - - /* - * Potential closest encloser. - */ - if (order == 0) { - if (closest != NULL && - (dns_name_countlabels(closest) == 0 || - dns_name_issubdomain(qname, closest)) && - !dns_nsec3_typepresent(&rdata, dns_rdatatype_ds) && - !dns_nsec3_typepresent(&rdata, dns_rdatatype_dname) && - (dns_nsec3_typepresent(&rdata, dns_rdatatype_soa) || - !dns_nsec3_typepresent(&rdata, dns_rdatatype_ns))) - { - - dns_name_format(qname, namebuf, - sizeof(namebuf)); - validator_log(val, ISC_LOG_DEBUG(3), - "NSEC3 indicates potential " - "closest encloser: '%s'", - namebuf); - dns_name_copy(qname, closest, NULL); - *setclosest = ISC_TRUE; - } - dns_name_format(qname, namebuf, sizeof(namebuf)); - validator_log(val, ISC_LOG_DEBUG(3), - "NSEC3 at super-domain %s", namebuf); - return (answer); - } - - /* - * Find if the name does not exist. - * - * We continue as we need to find the name closest to the - * closest encloser that doesn't exist. 
- * - * We also need to continue to ensure that we are not - * proving the non-existence of a record in a sub-zone. - * If that would be the case we will return ISC_R_IGNORE - * above. - */ - if ((scope < 0 && order > 0 && - memcmp(hash, nsec3.next, length) < 0) || - (scope >= 0 && (order > 0 || - memcmp(hash, nsec3.next, length) < 0))) - { - char namebuf[DNS_NAME_FORMATSIZE]; - - dns_name_format(qname, namebuf, sizeof(namebuf)); - validator_log(val, ISC_LOG_DEBUG(3), "NSEC3 proves " - "name does not exist: '%s'", namebuf); - if (nearest != NULL && - (dns_name_countlabels(nearest) == 0 || - dns_name_issubdomain(nearest, qname))) { - dns_name_copy(qname, nearest, NULL); - *setnearest = ISC_TRUE; - } - - *exists = ISC_FALSE; - *data = ISC_FALSE; - if (optout != NULL) { - if ((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0) - validator_log(val, ISC_LOG_DEBUG(3), - "NSEC3 indicates optout"); - *optout = - ISC_TF(nsec3.flags & DNS_NSEC3FLAG_OPTOUT); - } - answer = ISC_R_SUCCESS; - } - - qlabels--; - if (qlabels > 0) - dns_name_split(qname, qlabels, NULL, qname); - first = ISC_FALSE; - } - return (answer); -} - /*% * Callback for when NSEC records have been validated. * @@ -1351,8 +905,9 @@ authvalidated(isc_task_t *task, isc_event_t *event) { rdataset->trust == dns_trust_secure && (NEEDNODATA(val) || NEEDNOQNAME(val)) && !FOUNDNODATA(val) && !FOUNDNOQNAME(val) && - nsecnoexistnodata(val, val->event->name, devent->name, - rdataset, &exists, &data, wild) + dns_nsec_noexistnodata(val->event->type, val->event->name, + devent->name, rdataset, &exists, + &data, wild, validator_log, val) == ISC_R_SUCCESS) { if (exists && !data) { 
@@ -2850,8 +2405,9 @@ checkwildcard(dns_validator_t *val, dns_rdatatype_t type, dns_name_t *zonename) if (rdataset->type == dns_rdatatype_nsec && (NEEDNODATA(val) || NEEDNOWILDCARD(val)) && !FOUNDNODATA(val) && !FOUNDNOWILDCARD(val) && - nsecnoexistnodata(val, wild, name, rdataset, - &exists, &data, NULL) + dns_nsec_noexistnodata(val->event->type, wild, name, + rdataset, &exists, &data, NULL, + validator_log, val) == ISC_R_SUCCESS) { dns_name_t **proofs = val->event->proofs; @@ -2874,10 +2430,11 @@ checkwildcard(dns_validator_t *val, dns_rdatatype_t type, dns_name_t *zonename) if (rdataset->type == dns_rdatatype_nsec3 && (NEEDNODATA(val) || NEEDNOWILDCARD(val)) && !FOUNDNODATA(val) && !FOUNDNOWILDCARD(val) && - nsec3noexistnodata(val, wild, name, rdataset, - zonename, &exists, &data, - NULL, NULL, NULL, NULL, NULL, - NULL) == ISC_R_SUCCESS) + dns_nsec3_noexistnodata(val->event->type, wild, name, + rdataset, zonename, &exists, &data, + NULL, NULL, NULL, NULL, NULL, NULL, + validator_log, val) + == ISC_R_SUCCESS) { dns_name_t **proofs = val->event->proofs; if (exists && !data) @@ -2939,11 +2496,12 @@ findnsec3proofs(dns_validator_t *val) { rdataset->trust != dns_trust_secure) continue; - result = nsec3noexistnodata(val, val->event->name, - name, rdataset, - zonename, NULL, NULL, NULL, - NULL, NULL, NULL, NULL, - NULL); + result = dns_nsec3_noexistnodata(val->event->type, + val->event->name, name, + rdataset, zonename, NULL, + NULL, NULL, NULL, NULL, NULL, + NULL, NULL, validator_log, + val); if (result != ISC_R_IGNORE && result != ISC_R_SUCCESS) { if (dns_rdataset_isassociated(&trdataset)) dns_rdataset_disassociate(&trdataset); 
@@ -2991,11 +2549,13 @@ findnsec3proofs(dns_validator_t *val) { setclosest = setnearest = ISC_FALSE; optout = ISC_FALSE; unknown = ISC_FALSE; - result = nsec3noexistnodata(val, val->event->name, name, - rdataset, zonename, &exists, - &data, &optout, &unknown, - setclosestp, &setnearest, - closestp, nearest); + result = dns_nsec3_noexistnodata(val->event->type, + val->event->name, + name, rdataset, zonename, + &exists, &data, &optout, + &unknown, setclosestp, + &setnearest, closestp, + nearest, validator_log, val); if (unknown) val->attributes |= VALATTR_FOUNDUNKNOWN; if (result != ISC_R_SUCCESS) @@ -4371,7 +3931,7 @@ validator_logv(dns_validator_t *val, isc_logcategory_t *category, } static void -validator_log(dns_validator_t *val, int level, const char *fmt, ...) { +validator_log(void *val, int level, const char *fmt, ...) { va_list ap; if (! isc_log_wouldlog(dns_lctx, level)) diff --git a/lib/export/samples/sample-request.c b/lib/export/samples/sample-request.c index fd1ba4cef8..46629f0328 100644 --- a/lib/export/samples/sample-request.c +++ b/lib/export/samples/sample-request.c @@ -82,7 +82,7 @@ make_querymessage(dns_message_t *message, const char *namestr, /* Construct qname */ namelen = strlen(namestr); - isc_buffer_init(&b, namestr, namelen); + isc_buffer_constinit(&b, namestr, namelen); isc_buffer_add(&b, namelen); dns_fixedname_init(&fixedqname); qname0 = dns_fixedname_name(&fixedqname); diff --git a/lib/export/samples/sample.c b/lib/export/samples/sample.c index 841f4f4c50..c7c542b1e5 100644 --- a/lib/export/samples/sample.c +++ b/lib/export/samples/sample.c @@ -204,7 +204,7 @@ addserver(dns_client_t *client, const char *addrstr, const char *namespace) { if (namespace != NULL) { namelen = strlen(namespace); - isc_buffer_init(&b, namespace, namelen); + isc_buffer_constinit(&b, namespace, namelen); isc_buffer_add(&b, namelen); dns_fixedname_init(&fname); name = dns_fixedname_name(&fname); 
diff --git a/lib/irs/dnsconf.c b/lib/irs/dnsconf.c index 4a7d58bfbc..529cebd6ba 100644 --- a/lib/irs/dnsconf.c +++ b/lib/irs/dnsconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -144,8 +144,8 @@ configure_dnsseckeys(irs_dnsconf_t *conf, cfg_obj_t *cfgobj, /* Configure key name */ dns_fixedname_init(&fkeyname); keyname_base = dns_fixedname_name(&fkeyname); - isc_buffer_init(&namebuf, keynamestr, - strlen(keynamestr)); + isc_buffer_constinit(&namebuf, keynamestr, + strlen(keynamestr)); isc_buffer_add(&namebuf, strlen(keynamestr)); result = dns_name_fromtext(keyname_base, &namebuf, dns_rootname, 0, NULL); diff --git a/lib/irs/getaddrinfo.c b/lib/irs/getaddrinfo.c index b2ed946214..4e86706fe5 100644 --- a/lib/irs/getaddrinfo.c +++ b/lib/irs/getaddrinfo.c @@ -552,7 +552,7 @@ make_resstate(isc_mem_t *mctx, gai_statehead_t *head, const char *hostname, /* Construct base domain name */ namelen = strlen(domain); - isc_buffer_init(&b, domain, namelen); + isc_buffer_constinit(&b, domain, namelen); isc_buffer_add(&b, namelen); dns_fixedname_init(&fixeddomain); qdomain = dns_fixedname_name(&fixeddomain); @@ -564,7 +564,7 @@ make_resstate(isc_mem_t *mctx, gai_statehead_t *head, const char *hostname, /* Construct query name */ namelen = strlen(hostname); - isc_buffer_init(&b, hostname, namelen); + isc_buffer_constinit(&b, hostname, namelen); isc_buffer_add(&b, namelen); dns_fixedname_init(&state->fixedname); state->qname = dns_fixedname_name(&state->fixedname); diff --git a/lib/isc/buffer.c b/lib/isc/buffer.c index 1b59e650ac..e37af15968 100644 --- a/lib/isc/buffer.c +++ b/lib/isc/buffer.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -28,7 +28,7 @@ #include void -isc__buffer_init(isc_buffer_t *b, const void *base, unsigned int length) { +isc__buffer_init(isc_buffer_t *b, void *base, unsigned int length) { /* * Make 'b' refer to the 'length'-byte region starting at 'base'. * XXXDCL see the comment in buffer.h about base being const. diff --git a/lib/isc/include/isc/buffer.h b/lib/isc/include/isc/buffer.h index ae7e4c3dfc..72b856056a 100644 --- a/lib/isc/include/isc/buffer.h +++ b/lib/isc/include/isc/buffer.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2010, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -222,7 +222,7 @@ isc_buffer_free(isc_buffer_t **dynbuffer); */ void -isc__buffer_init(isc_buffer_t *b, const void *base, unsigned int length); +isc__buffer_init(isc_buffer_t *b, void *base, unsigned int length); /*!< * \brief Make 'b' refer to the 'length'-byte region starting at base. * @@ -681,12 +681,7 @@ ISC_LANG_ENDDECLS */ #define ISC__BUFFER_INIT(_b, _base, _length) \ do { \ - union { \ - const void * konst; \ - void * var; \ - } _u; \ - _u.konst = (_base); \ - (_b)->base = _u.var; \ + (_b)->base = _base; \ (_b)->length = (_length); \ (_b)->used = 0; \ (_b)->current = 0; \ 
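Review bot: The comment kept inside `isc__buffer_init`, `XXXDCL see the comment in buffer.h about base being const`, no longer matches the signature now that `base` is `void *`. It should point readers to the new macro for constant data, for example `/* 'base' must be writable; use isc_buffer_constinit() for constant data. */`. The function body continues outside the hunk.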
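Review bot: In `ISC__BUFFER_INIT` the new assignment `(_b)->base = _base;` uses the macro argument without parentheses, while the removed code and the neighbouring `(_length)` wrap theirs. Write it as `(_b)->base = (_base);` so an expression argument cannot change meaning after expansion. The closing lines of the macro are outside the hunk.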
@@ -896,6 +891,13 @@ ISC_LANG_ENDDECLS #define isc_buffer_putuint32 isc__buffer_putuint32 #endif +#define isc_buffer_constinit(_b, _d, _l) \ + do { \ + union { void *_var; const void *_const; } _deconst; \ + _deconst._const = (_d); \ + isc_buffer_init((_b), _deconst._var, (_l)); \ + } while (0) + /* * No inline method for this one (yet). */ diff --git a/lib/isc/include/isc/queue.h b/lib/isc/include/isc/queue.h index fc421beaa8..1cc6c12a4f 100644 --- a/lib/isc/include/isc/queue.h +++ b/lib/isc/include/isc/queue.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,6 +14,8 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* $Id$ */ + /* * This is a generic implementation of a two-lock concurrent queue. * There are built-in mutex locks for the head and tail of the queue, @@ -61,8 +63,8 @@ #define ISC_QUEUE_DESTROY(queue) \ do { \ ISC_QLINK_INSIST(ISC_QUEUE_EMPTY(queue)); \ - isc_mutex_destroy(&(queue).taillock); \ - isc_mutex_destroy(&(queue).headlock); \ + (void) isc_mutex_destroy(&(queue).taillock); \ + (void) isc_mutex_destroy(&(queue).headlock); \ } while (0) /* diff --git a/lib/isc/tests/parse_test.c b/lib/isc/tests/parse_test.c index 010768b07a..00a9fb74f3 100644 --- a/lib/isc/tests/parse_test.c +++ b/lib/isc/tests/parse_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,6 +14,8 @@ * PERFORMANCE OF THIS SOFTWARE. */ +/* $Id$ */ + /*! \file */ #include diff --git a/lib/isc/win32/time.c b/lib/isc/win32/time.c index fe303f3732..8aaf6bc65f 100644 
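Review bot: `isc_buffer_constinit` is added without documentation, although it is the one place where the const qualifier on caller data is deliberately dropped. Nothing in the macro stops a later writer such as `isc_buffer_putuint32()` from storing through the buffer into memory that may be read-only, for example a string literal. A header comment in the style of the other entries in this file should state that the buffer is for reading only. It should also say that callers are expected to follow with `isc_buffer_add()` for the full length, as the call sites visible in this commit do. A one-line summary could be `/* Initialise 'b' over constant data 'd'; the buffer must never be written to. */`.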
--- a/lib/isc/win32/time.c +++ b/lib/isc/win32/time.c @@ -313,7 +313,7 @@ isc_time_formatISO8601(const isc_time_t *t, char *buf, unsigned int len) { GetTimeFormat(LOCALE_NEUTRAL, TIME_NOTIMEMARKER | TIME_FORCE24HOURFORMAT, &st, "hh':'mm':'ss", TimeBuf, 50); - snprintf(buf, len, "%s%sZ", DateBuf, TimeBuf); + snprintf(buf, len, "%sT%sZ", DateBuf, TimeBuf); } else { buf[0] = 0; } diff --git a/lib/isccfg/aclconf.c b/lib/isccfg/aclconf.c index 469989afce..af5659909e 100644 --- a/lib/isccfg/aclconf.c +++ b/lib/isccfg/aclconf.c @@ -192,7 +192,7 @@ convert_keyname(const cfg_obj_t *keyobj, isc_log_t *lctx, isc_mem_t *mctx, const char *txtname = cfg_obj_asstring(keyobj); keylen = strlen(txtname); - isc_buffer_init(&buf, txtname, keylen); + isc_buffer_constinit(&buf, txtname, keylen); isc_buffer_add(&buf, keylen); dns_fixedname_init(&fixname); result = dns_name_fromtext(dns_fixedname_name(&fixname), &buf, diff --git a/lib/lwres/getipnode.c b/lib/lwres/getipnode.c index da00e8c871..300376ef13 100644 --- a/lib/lwres/getipnode.c +++ b/lib/lwres/getipnode.c @@ -1119,6 +1119,8 @@ hostfromname(lwres_gabnresponse_t *name, int af) { * Copy aliases. */ he->h_aliases = malloc(sizeof(char *) * (name->naliases + 1)); + if (he->h_aliases == NULL) + goto cleanup; for (i = 0; i < name->naliases; i++) { he->h_aliases[i] = strdup(name->aliases[i]); if (he->h_aliases[i] == NULL) @@ -1130,6 +1132,8 @@ hostfromname(lwres_gabnresponse_t *name, int af) { * Copy addresses. */ he->h_addr_list = malloc(sizeof(char *) * (name->naddrs + 1)); + if (he->h_addr_list == NULL) + goto cleanup; addr = LWRES_LIST_HEAD(name->addrs); i = 0; while (addr != NULL) { diff --git a/util/copyrights b/util/copyrights index 2531b31ef5..b3160bd12a 100644 --- a/util/copyrights +++ b/util/copyrights 
@@ -1,7 +1,7 @@ ./.gitignore X 2012 ./Atffile X 2011 -./CHANGES X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012 -./COPYRIGHT TXT 1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012 +./CHANGES X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013 +./COPYRIGHT TXT 1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013 ./EXCLUDED X 2012 ./FAQ X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010 ./FAQ.xml SGML 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010 @@ -39,7 +39,7 @@ ./bin/confgen/ddns-confgen.docbook SGML 2009 ./bin/confgen/ddns-confgen.html HTML DOCBOOK ./bin/confgen/include/confgen/os.h C 2009 -./bin/confgen/keygen.c C 2009 +./bin/confgen/keygen.c C 2009,2012 ./bin/confgen/keygen.h C 2009 ./bin/confgen/rndc-confgen.8 MAN DOCBOOK ./bin/confgen/rndc-confgen.c C 2001,2003,2004,2005,2007,2008,2009,2011 @@ -192,7 +192,7 @@ ./bin/named/lwdgrbn.c C 2000,2001,2003,2004,2005,2006,2007,2009 ./bin/named/lwdnoop.c C 2000,2001,2004,2005,2007,2008 ./bin/named/lwresd.8 MAN DOCBOOK -./bin/named/lwresd.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009 +./bin/named/lwresd.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2012 ./bin/named/lwresd.docbook SGML 2000,2001,2004,2005,2007,2008,2009 ./bin/named/lwresd.html HTML DOCBOOK ./bin/named/lwsearch.c C 2000,2001,2004,2005,2007 
@@ -208,8 +208,8 @@ ./bin/named/server.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012 ./bin/named/sortlist.c C 2000,2001,2004,2005,2006,2007 ./bin/named/statschannel.c C 2008,2009,2010,2011,2012 -./bin/named/tkeyconf.c C 1999,2000,2001,2004,2005,2006,2007,2009,2010 -./bin/named/tsigconf.c C 1999,2000,2001,2004,2005,2006,2007,2009,2011 +./bin/named/tkeyconf.c C 1999,2000,2001,2004,2005,2006,2007,2009,2010,2012 +./bin/named/tsigconf.c C 1999,2000,2001,2004,2005,2006,2007,2009,2011,2012 ./bin/named/unix/Makefile.in MAKE 1999,2000,2001,2004,2007,2009,2011,2012 ./bin/named/unix/dlz_dlopen_driver.c C 2011,2012 ./bin/named/unix/include/named/os.h C 1999,2000,2001,2002,2004,2005,2007,2008,2009 @@ -267,11 +267,11 @@ ./bin/pkcs11/win32/pk11list.mak X 2009 ./bin/pkcs11/win32/win32.c C 2009 ./bin/python/.gitignore X 2012 -./bin/python/Makefile.in MAKE 2012 +./bin/python/Makefile.in MAKE 2012,2013 ./bin/python/dnssec-checkds.8 MAN 2012 -./bin/python/dnssec-checkds.docbook SGML 2012 +./bin/python/dnssec-checkds.docbook SGML 2012,2013 ./bin/python/dnssec-checkds.html HTML DOCBOOK -./bin/python/dnssec-checkds.py.in PYTHON 2012 +./bin/python/dnssec-checkds.py.in PYTHON 2012,2013 ./bin/rndc/.gitignore X 2012 ./bin/rndc/Makefile.in MAKE 2000,2001,2002,2004,2007,2009,2012 ./bin/rndc/include/rndc/os.h C 2001,2004,2005,2007,2009 @@ -355,7 +355,7 @@ ./bin/tests/db/dns_db_newversion_data X 1999,2000,2001 ./bin/tests/db/dns_db_origin_1.data X 1999,2000,2001 ./bin/tests/db/dns_db_origin_data X 1999,2000,2001 -./bin/tests/db/t_db.c C 1999,2000,2001,2004,2005,2007,2009,2011 +./bin/tests/db/t_db.c C 1999,2000,2001,2004,2005,2007,2009,2011,2012 ./bin/tests/db_test.c C 1999,2000,2001,2004,2005,2007,2008,2009,2011,2012 ./bin/tests/dnssec-signzone/Kexample.com.+005+07065.key X 2009 ./bin/tests/dnssec-signzone/Kexample.com.+005+07065.private X 2009 
@@ -384,7 +384,7 @@ ./bin/tests/dst/Ktest.+003+49667.key X 2001,2004 ./bin/tests/dst/Makefile.in MAKE 1999,2000,2001,2002,2004,2006,2007,2008,2009,2010,2012 ./bin/tests/dst/dst_2_data X 1999,2000,2001 -./bin/tests/dst/dst_test.c C 1999,2000,2001,2004,2005,2007,2009 +./bin/tests/dst/dst_test.c C 1999,2000,2001,2004,2005,2007,2009,2012 ./bin/tests/dst/gsstest.c C 2006,2007,2009,2010,2011 ./bin/tests/dst/t2_data_1 X 1999,2000,2001 ./bin/tests/dst/t2_data_2 X 1999,2000,2001 @@ -517,7 +517,7 @@ ./bin/tests/rwlock_test.c C 1998,1999,2000,2001,2004,2005,2007 ./bin/tests/serial_test.c C 1999,2000,2001,2003,2004,2007 ./bin/tests/shutdown_test.c C 1998,1999,2000,2001,2004,2007,2011 -./bin/tests/sig0_test.c C 2000,2001,2004,2005,2007,2008,2009 +./bin/tests/sig0_test.c C 2000,2001,2004,2005,2007,2008,2009,2012 ./bin/tests/sock_test.c C 1998,1999,2000,2001,2004,2007,2008,2012 ./bin/tests/sockaddr/Makefile.in MAKE 1999,2000,2001,2002,2004,2007,2009,2012 ./bin/tests/sockaddr/t_sockaddr.c C 1999,2000,2001,2004,2007 
@@ -649,23 +649,23 @@ ./bin/tests/system/cacheclean/clean.sh SH 2001,2004,2007,2011,2012 ./bin/tests/system/cacheclean/dig.batch X 2001 ./bin/tests/system/cacheclean/knowngood.dig.out X 2001 -./bin/tests/system/cacheclean/ns1/example.db ZONE 2001,2004,2007 +./bin/tests/system/cacheclean/ns1/example.db ZONE 2001,2004,2007,2012 ./bin/tests/system/cacheclean/ns1/flushtest.db ZONE 2011 ./bin/tests/system/cacheclean/ns1/named.conf CONF-C 2001,2004,2005,2007,2011 ./bin/tests/system/cacheclean/ns2/named.conf CONF-C 2001,2004,2005,2007,2011 ./bin/tests/system/cacheclean/tests.sh SH 2001,2004,2007,2011,2012 -./bin/tests/system/checkconf/bad-also-notify.conf CONF-C 2012 -./bin/tests/system/checkconf/bad-dnssec.conf CONF-C 2012 +./bin/tests/system/checkconf/bad-also-notify.conf CONF-C 2012,2013 +./bin/tests/system/checkconf/bad-dnssec.conf CONF-C 2012,2013 ./bin/tests/system/checkconf/bad-many.conf CONF-C 2005,2012 -./bin/tests/system/checkconf/bad-tsig.conf CONF-C 2012 +./bin/tests/system/checkconf/bad-tsig.conf CONF-C 2012,2013 ./bin/tests/system/checkconf/clean.sh SH 2011,2012 ./bin/tests/system/checkconf/dnssec.1 CONF-C 2011 ./bin/tests/system/checkconf/dnssec.2 CONF-C 2011 ./bin/tests/system/checkconf/dnssec.3 CONF-C 2011 ./bin/tests/system/checkconf/good.conf CONF-C 2005,2007,2010,2011,2012 ./bin/tests/system/checkconf/tests.sh SH 2005,2007,2010,2011,2012 -./bin/tests/system/checkds/clean.sh SH 2012 -./bin/tests/system/checkds/dig.sh SH 2012 +./bin/tests/system/checkds/clean.sh SH 2012,2013 +./bin/tests/system/checkds/dig.sh SH 2012,2013 ./bin/tests/system/checkds/missing.example.dlv.example.dlv.db X 2012 ./bin/tests/system/checkds/missing.example.dnskey.db X 2012 ./bin/tests/system/checkds/missing.example.ds.db X 2012 
@@ -675,8 +675,8 @@ ./bin/tests/system/checkds/ok.example.dlv.example.dlv.db X 2012 ./bin/tests/system/checkds/ok.example.dnskey.db X 2012 ./bin/tests/system/checkds/ok.example.ds.db X 2012 -./bin/tests/system/checkds/setup.sh SH 2012 -./bin/tests/system/checkds/tests.sh SH 2012 +./bin/tests/system/checkds/setup.sh SH 2012,2013 +./bin/tests/system/checkds/tests.sh SH 2012,2013 ./bin/tests/system/checkds/wrong.example.dlv.example.dlv.db X 2012 ./bin/tests/system/checkds/wrong.example.dnskey.db X 2012 ./bin/tests/system/checkds/wrong.example.ds.db X 2012 @@ -1022,8 +1022,8 @@ ./bin/tests/system/lwresd/resolv.conf CONF-SH 2000,2001,2004,2007,2012 ./bin/tests/system/lwresd/tests.sh SH 2000,2001,2004,2007,2011,2012 ./bin/tests/system/masterfile/clean.sh SH 2001,2004,2007,2010,2012 -./bin/tests/system/masterfile/knowngood.dig.out X 2001,2004 -./bin/tests/system/masterfile/ns1/include.db ZONE 2001,2004,2007 +./bin/tests/system/masterfile/knowngood.dig.out X 2001,2004,2012 +./bin/tests/system/masterfile/ns1/include.db ZONE 2001,2004,2007,2012 ./bin/tests/system/masterfile/ns1/named.conf CONF-C 2001,2004,2007 ./bin/tests/system/masterfile/ns1/sub.db ZONE 2001,2004,2007 ./bin/tests/system/masterfile/ns1/ttl1.db ZONE 2001,2004,2007 @@ -1063,7 +1063,7 @@ ./bin/tests/system/nsupdate/knowngood.ns1.afterstop X 2001,2004 ./bin/tests/system/nsupdate/knowngood.ns1.before X 2000,2001,2003,2004,2009 ./bin/tests/system/nsupdate/ns1/example1.db ZONE 2000,2001,2002,2004,2007,2009 -./bin/tests/system/nsupdate/ns1/named.conf CONF-C 2000,2001,2004,2005,2007,2009,2011 +./bin/tests/system/nsupdate/ns1/named.conf CONF-C 2000,2001,2004,2005,2007,2009,2011,2012 ./bin/tests/system/nsupdate/ns2/named.conf CONF-C 2000,2001,2004,2007,2011 ./bin/tests/system/nsupdate/ns3/dnskey.test.db.in ZONE 2011 ./bin/tests/system/nsupdate/ns3/example.db.in ZONE 2010 
@@ -1163,7 +1163,7 @@ ./bin/tests/system/rndc/clean.sh SH 2011,2012 ./bin/tests/system/rndc/ns2/named.conf CONF-C 2011,2012 ./bin/tests/system/rndc/ns2/secondkey.conf CONF-C 2012 -./bin/tests/system/rndc/ns3/named.conf CONF-C 2012 +./bin/tests/system/rndc/ns3/named.conf CONF-C 2012,2013 ./bin/tests/system/rndc/setup.sh SH 2011,2012 ./bin/tests/system/rndc/tests.sh SH 2011,2012 ./bin/tests/system/rpz/.gitignore X 2012 @@ -1325,7 +1325,7 @@ ./bin/tests/system/testsock6.pl PERL 2010,2012 ./bin/tests/system/tkey/Makefile.in MAKE 2001,2002,2004,2007,2009,2012 ./bin/tests/system/tkey/clean.sh SH 2001,2004,2007,2011,2012 -./bin/tests/system/tkey/keycreate.c C 2001,2004,2005,2007,2009,2011 +./bin/tests/system/tkey/keycreate.c C 2001,2004,2005,2007,2009,2011,2012 ./bin/tests/system/tkey/keydelete.c C 2001,2004,2005,2007,2009,2010,2011 ./bin/tests/system/tkey/ns1/named.conf.in CONF-C 2001,2004,2007,2009,2011 ./bin/tests/system/tkey/ns1/setup.sh SH 2001,2004,2007,2009,2012 
@@ -1409,6 +1409,21 @@ ./bin/tests/system/views/ns3/named2.conf CONF-C 2000,2001,2004,2007 ./bin/tests/system/views/setup.sh SH 2000,2001,2004,2007,2012 ./bin/tests/system/views/tests.sh SH 2000,2001,2004,2007,2012 +./bin/tests/system/wildcard/clean.sh SH 2012 +./bin/tests/system/wildcard/ns1/named.conf CONF-C 2012 +./bin/tests/system/wildcard/ns1/nsec.db.in ZONE 2012,2013 +./bin/tests/system/wildcard/ns1/nsec3.db.in ZONE 2012,2013 +./bin/tests/system/wildcard/ns1/private.nsec.db.in ZONE 2012,2013 +./bin/tests/system/wildcard/ns1/private.nsec3.db.in ZONE 2012,2013 +./bin/tests/system/wildcard/ns1/root.db.in ZONE 2012,2013 +./bin/tests/system/wildcard/ns1/sign.sh SH 2012 +./bin/tests/system/wildcard/ns2/hints ZONE 2012 +./bin/tests/system/wildcard/ns2/named.conf CONF-C 2012 +./bin/tests/system/wildcard/ns3/hints ZONE 2012 +./bin/tests/system/wildcard/ns3/named.conf CONF-C 2012 +./bin/tests/system/wildcard/ns4/named.conf CONF-C 2012 +./bin/tests/system/wildcard/setup.sh SH 2012 +./bin/tests/system/wildcard/tests.sh SH 2012 ./bin/tests/system/xfer/ans5/badkeydata X 2011 ./bin/tests/system/xfer/ans5/goodaxfr X 2011 ./bin/tests/system/xfer/ans5/partial X 2011 
@@ -1558,11 +1573,11 @@ ./bind.keys X 2009,2010,2011 ./config.guess X 1998,1999,2000,2001,2004,2009 ./config.h.in X 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012 -./config.h.win32 C 1999,2000,2001,2004,2006,2007,2008,2009,2011 +./config.h.win32 C 1999,2000,2001,2004,2006,2007,2008,2009,2011,2012 ./config.sub X 1998,1999,2000,2001,2004 ./config.threads.in X 2005,2006,2010,2011,2012 -./configure X 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012 -./configure.in SH 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012 +./configure X 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013 +./configure.in SH 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013 ./conftools/perllib/dnsconf/DNSConf-macros.h C 2000,2001,2004,2007 ./conftools/perllib/dnsconf/DNSConf.i C 2000,2001,2004,2007 ./conftools/perllib/dnsconf/Makefile.PL PERL 2000,2001,2004,2007,2012 @@ -1602,7 +1617,7 @@ ./contrib/dlz/example/Makefile X 2010 ./contrib/dlz/example/README X 2011 ./contrib/dlz/example/dlz_example.c X 2010,2011,2012 -./contrib/dlz/example/dlz_minimal.h X 2010,2011 +./contrib/dlz/example/dlz_minimal.h X 2010,2011,2012 ./contrib/dlz/example/named.conf X 2011 ./contrib/dlz/example/win32/DLLMain.c X 2011 ./contrib/dlz/example/win32/dxdriver.def X 2011 @@ -2210,7 +2225,7 @@ ./lib/dns/include/dns/name.h C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2009,2010,2011,2012 ./lib/dns/include/dns/ncache.h C 1999,2000,2001,2002,2004,2005,2006,2007,2008,2009,2010 ./lib/dns/include/dns/nsec.h C 1999,2000,2001,2003,2004,2005,2006,2007,2008,2011,2012 -./lib/dns/include/dns/nsec3.h C 2008,2009,2010,2011 +./lib/dns/include/dns/nsec3.h C 2008,2009,2010,2011,2012 ./lib/dns/include/dns/opcode.h C 2002,2004,2005,2006,2007 ./lib/dns/include/dns/order.h C 2002,2004,2005,2006,2007 ./lib/dns/include/dns/peer.h C 2000,2001,2003,2004,2005,2006,2007,2008,2009 
@@ -2227,7 +2242,7 @@ ./lib/dns/include/dns/rdatatype.h C 1998,1999,2000,2001,2004,2005,2006,2007,2008 ./lib/dns/include/dns/request.h C 2000,2001,2002,2004,2005,2006,2007,2009,2010 ./lib/dns/include/dns/resolver.h C 1999,2000,2001,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012 -./lib/dns/include/dns/result.h C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011 +./lib/dns/include/dns/result.h C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012 ./lib/dns/include/dns/rootns.h C 1999,2000,2001,2004,2005,2006,2007 ./lib/dns/include/dns/rpz.h C 2011,2012 ./lib/dns/include/dns/rriterator.h C 2009,2011 @@ -2281,7 +2296,7 @@ ./lib/dns/opensslgost_link.c C 2010,2011,2012 ./lib/dns/opensslrsa_link.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2011,2012 ./lib/dns/order.c C 2002,2004,2005,2007 -./lib/dns/peer.c C 2000,2001,2003,2004,2005,2006,2007,2008,2009 +./lib/dns/peer.c C 2000,2001,2003,2004,2005,2006,2007,2008,2009,2012 ./lib/dns/portlist.c C 2003,2004,2005,2006,2007 ./lib/dns/private.c C 2009,2011,2012 ./lib/dns/rbt.c C 1999,2000,2001,2002,2003,2004,2005,2007,2008,2009,2011,2012 @@ -2377,7 +2392,7 @@ ./lib/dns/rdata/generic/tkey_249.h C 1999,2000,2001,2003,2004,2005,2007 ./lib/dns/rdata/generic/tlsa_52.c C 2012 ./lib/dns/rdata/generic/tlsa_52.h C 2012 -./lib/dns/rdata/generic/txt_16.c C 1998,1999,2000,2001,2002,2004,2007,2008,2009 +./lib/dns/rdata/generic/txt_16.c C 1998,1999,2000,2001,2002,2004,2007,2008,2009,2012 ./lib/dns/rdata/generic/txt_16.h C 1998,1999,2000,2001,2004,2005,2007 ./lib/dns/rdata/generic/unspec_103.c C 1999,2000,2001,2002,2004,2007,2009 ./lib/dns/rdata/generic/unspec_103.h C 1999,2000,2001,2004,2005,2007 
@@ -2419,7 +2434,7 @@ ./lib/dns/request.c C 2000,2001,2002,2004,2005,2006,2007,2008,2009,2010,2011,2012 ./lib/dns/resolver.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012 ./lib/dns/result.c C 1998,1999,2000,2001,2002,2003,2004,2005,2007,2008,2009,2010,2011,2012 -./lib/dns/rootns.c C 1999,2000,2001,2002,2004,2005,2007,2008,2010 +./lib/dns/rootns.c C 1999,2000,2001,2002,2004,2005,2007,2008,2010,2012 ./lib/dns/rpz.c C 2011,2012 ./lib/dns/rriterator.c C 2009,2011,2012 ./lib/dns/sdb.c C 2000,2001,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012 @@ -2428,7 +2443,7 @@ ./lib/dns/spnego.asn1 X 2006 ./lib/dns/spnego.c C 2006,2007,2008,2009,2010,2011,2012 ./lib/dns/spnego.h C 2006,2007 -./lib/dns/spnego_asn1.c C 2006,2007 +./lib/dns/spnego_asn1.c C 2006,2007,2012 ./lib/dns/spnego_asn1.pl PERL 2006,2007,2012 ./lib/dns/ssu.c C 2000,2001,2003,2004,2005,2006,2007,2008,2010,2011 ./lib/dns/ssu_external.c C 2011,2012 @@ -2462,6 +2477,7 @@ ./lib/dns/tests/testdata/master/master14.data.in X 2011 ./lib/dns/tests/testdata/master/master15.data X 2012 ./lib/dns/tests/testdata/master/master16.data X 2012 +./lib/dns/tests/testdata/master/master17.data X 2012 ./lib/dns/tests/testdata/master/master2.data X 2011 ./lib/dns/tests/testdata/master/master3.data X 2011 ./lib/dns/tests/testdata/master/master4.data X 2011 @@ -2541,7 +2557,7 @@ ./lib/irs/Makefile.in MAKE 2009,2012 ./lib/irs/api X 2009,2010,2011,2012 ./lib/irs/context.c C 2009 -./lib/irs/dnsconf.c C 2009 +./lib/irs/dnsconf.c C 2009,2012 ./lib/irs/gai_strerror.c C 2009 ./lib/irs/getaddrinfo.c C 2009,2012 ./lib/irs/getnameinfo.c C 2009,2011,2012 
@@ -2570,7 +2586,7 @@ ./lib/isc/base32.c C 2008,2009 ./lib/isc/base64.c C 1998,1999,2000,2001,2003,2004,2005,2007,2009 ./lib/isc/bitstring.c C 1999,2000,2001,2004,2005,2007 -./lib/isc/buffer.c C 1998,1999,2000,2001,2002,2004,2005,2006,2007,2008 +./lib/isc/buffer.c C 1998,1999,2000,2001,2002,2004,2005,2006,2007,2008,2012 ./lib/isc/bufferlist.c C 1999,2000,2001,2004,2005,2007 ./lib/isc/commandline.c C.PORTION 1999,2000,2001,2004,2005,2007,2008 ./lib/isc/entropy.c C 2000,2001,2002,2003,2004,2005,2006,2007,2009,2010 @@ -2597,7 +2613,7 @@ ./lib/isc/include/isc/bind9.h C 2009 ./lib/isc/include/isc/bitstring.h C 1999,2000,2001,2004,2005,2006,2007 ./lib/isc/include/isc/boolean.h C 1998,1999,2000,2001,2004,2005,2006,2007 -./lib/isc/include/isc/buffer.h C 1998,1999,2000,2001,2002,2004,2005,2006,2007,2008,2010 +./lib/isc/include/isc/buffer.h C 1998,1999,2000,2001,2002,2004,2005,2006,2007,2008,2010,2012 ./lib/isc/include/isc/bufferlist.h C 1999,2000,2001,2004,2005,2006,2007 ./lib/isc/include/isc/commandline.h C 1999,2000,2001,2004,2005,2006,2007 ./lib/isc/include/isc/entropy.h C 2000,2001,2004,2005,2006,2007,2009 @@ -2637,7 +2653,7 @@ ./lib/isc/include/isc/platform.h.in C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010 ./lib/isc/include/isc/portset.h C 2008,2009 ./lib/isc/include/isc/print.h C 1999,2000,2001,2003,2004,2005,2006,2007 -./lib/isc/include/isc/queue.h C 2011,2012 +./lib/isc/include/isc/queue.h C 2011,2012,2013 ./lib/isc/include/isc/quota.h C 2000,2001,2004,2005,2007 ./lib/isc/include/isc/radix.h C 2007,2008 ./lib/isc/include/isc/random.h C 1999,2000,2001,2004,2005,2006,2007,2009 @@ -2747,7 +2763,7 @@ ./lib/isc/tests/hash_test.c C 2011,2012 ./lib/isc/tests/isctest.c C 2011,2012 ./lib/isc/tests/isctest.h C 2011,2012 -./lib/isc/tests/parse_test.c C 2012 +./lib/isc/tests/parse_test.c C 2012,2013 ./lib/isc/tests/queue_test.c C 2011,2012 ./lib/isc/tests/sockaddr_test.c C 2012 ./lib/isc/tests/socket_test.c C 2011,2012 
@@ -3356,7 +3372,7 @@ ./util/check-pullups.pl PERL 2001,2002,2003,2004,2007,2012 ./util/check-sources.pl PERL 2000,2001,2004,2007,2012 ./util/commit-arm.sh SH 2012 -./util/copyrights X 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012 +./util/copyrights X 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013 ./util/file_year.sh SH 2012 ./util/kit.sh SH 2000,2001,2002,2003,2004,2007,2008,2009,2010,2012 ./util/mandoc2docbook.pl PERL 2001,2004,2007,2012 @@ -3373,15 +3389,17 @@ ./util/update-drafts.pl PERL 2000,2001,2004,2007,2012 ./util/update_branches PERL 2005,2007,2012 ./util/update_copyrights PERL 1998,1999,2000,2001,2004,2005,2006,2007,2008,2009,2010,2012 +./util/xc SH 2012,2013 ./version X 1998,1999,2000,2001,2003,2005,2006,2007,2008,2009,2010,2011,2012 ./win32utils/BINDBuild.dsw X 2001,2005,2006,2008,2009,2010 ./win32utils/BuildAll.bat BAT 2001,2002,2004,2005,2006,2007,2008,2009,2010 ./win32utils/BuildPost.bat BAT 2005,2006 -./win32utils/BuildSetup.bat BAT 2001,2002,2004,2005,2006,2007,2008,2009,2010 +./win32utils/BuildSetup.bat BAT 2001,2002,2004,2005,2006,2007,2008,2009,2010,2012 ./win32utils/SetupLibs.bat BAT 2007,2009,2011 ./win32utils/dnsheadergen.bat BAT 2001,2004 ./win32utils/index.html HTML 2006,2007,2008,2012 ./win32utils/makedefs.pl PERL 2001,2004,2007,2009,2012 +./win32utils/makesrcid.pl PERL 2012 ./win32utils/makeversion.pl PERL 2001,2004,2007,2012 ./win32utils/readme1st.txt TXT.BRIEF 2001,2003,2004,2005,2007,2008,2009,2012 ./win32utils/setpk11provider.pl PERL 2009,2012 diff --git a/util/xc b/util/xc new file mode 100755 index 0000000000..c92098e7ec --- /dev/null +++ b/util/xc 
@@ -0,0 +1,41 @@ +# Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id$ + +# +# test cross compiler +# + +chmod= +next=0 +for t in ${BUILD_CC} gcc cc +do + type $t > /dev/null 2>&1 && cc=$t && break +done +for i in "$@" +do + [ $next = 1 ] && chmod="$i" + case "$i" in + -o) next=1;; + *) next=0;; + esac +done +if ${cc:-false} "$@" +then + [ "$chmod" != "" ] && chmod a-x "$chmod" + exit 0; +else + exit 1; +fi diff --git a/win32utils/BuildSetup.bat b/win32utils/BuildSetup.bat index d3b5bde25d..f323e5d26f 100644 --- a/win32utils/BuildSetup.bat +++ b/win32utils/BuildSetup.bat @@ -31,8 +31,10 @@ perl updatelibxml2.pl rem Generate the version information perl makeversion.pl -rem Generate header files for lib/dns +rem Generate the SRCID information +perl makesrcid.pl +rem Generate header files for lib/dns call dnsheadergen.bat rem Make sure that the Build directories are there. diff --git a/win32utils/makesrcid.pl b/win32utils/makesrcid.pl new file mode 100644 index 0000000000..f46fe47233 --- /dev/null +++ b/win32utils/makesrcid.pl 
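Review bot: The new `util/xc` is added with mode 100755 but its first line is the copyright comment, so how it runs depends on the caller falling back to a shell; add `#!/bin/sh` as line 1. In `for t in ${BUILD_CC} gcc cc` the unquoted expansion is word-split, so a `BUILD_CC` that carries flags would keep only its first word in `cc` and the flags would be dropped without any message. The output-file scan only recognises a separate `-o file` pair, so an output given as `-ofile` is never passed to `chmod a-x`. The script also exits 1 on any failure rather than passing on the compiler's own status, which is worth a comment if it is intended.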
@@ -0,0 +1,81 @@ +#!/usr/bin/perl +# +# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id$ + +# This script converts the SRCID information in ../srcid into a srcid.h +# file, defining SRCID, which can be included by config.h. + +open (SRCIDH, ">../srcid.h") or die "cannot open srcid.h: $!"; + +my $srcid = "unset"; + +if (open (SRCIDFILE, "../srcid")) { + LOOP: while () { + chomp; + ($data) = split(/\#/); + if($data) { + ($name, $value) = split(/=/,$data); + ($name) = split(/\s+/, $name); + ($value) = split(/\s+/, $value); + next LOOP if ($name != "SRCID"); + $srcid = $value; + } + } + close(SRCIDFILE); +} + +# Now set up the output version file + +$ThisDate = scalar localtime(); + +#Standard Header + +print SRCIDH '/* + * Copyright (C) 2012 Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL + * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING + * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, + * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION + * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +'; + +print SRCIDH "/*\n"; +print SRCIDH " * srcid.h"; +print SRCIDH " * Generated automatically by makesrcid.pl.\n"; +print SRCIDH " * Date generated: $ThisDate\n"; +print SRCIDH " */\n\n"; + +print SRCIDH ' +#ifndef SRCID_H +#define SRCID_H 1 +'; + +print "BIND SRCID: $srcid\n"; + +print SRCIDH "#define SRCID\t\"$srcid\"\n"; +print SRCIDH "#endif /* SRCID_H */\n"; +close SRCIDH;
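Review bot: `next LOOP if ($name != "SRCID");` uses the numeric operator on strings, so both sides evaluate to 0 for any non-numeric name and the line is never skipped; every `name=value` line in `../srcid` then overwrites `$srcid`, and the last one wins. It should read `next LOOP if ($name ne "SRCID");`, and `use strict; use warnings;` at the top would have reported the numeric comparison. The value is then written unescaped into `#define SRCID "..."`, so it would be safer to reject a value containing `"` or `\` before emitting the header, for example `die "bad SRCID" if $srcid =~ /["\\]/;`. The line `print SRCIDH " * srcid.h";` also lacks a trailing `\n`, which runs the file name into the next line of the generated comment.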