mirror of
https://github.com/NLnetLabs/unbound.git
synced 2026-02-18 18:25:10 -05:00
Merge branch 'updated-with-master/xfr-tsig' into hackathon/poisonlicious-new-tsig-code
This commit is contained in:
commit
433bb1c7bc
31 changed files with 5116 additions and 752 deletions
106
Makefile.in
106
Makefile.in
|
|
@ -130,7 +130,7 @@ util/fptr_wlist.c util/locks.c util/log.c util/mini_event.c util/module.c \
|
|||
util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \
|
||||
util/rtt.c util/siphash.c util/edns.c util/storage/dnstree.c util/storage/lookup3.c \
|
||||
util/storage/lruhash.c util/storage/slabhash.c util/tcp_conn_limit.c \
|
||||
util/timehist.c util/tube.c util/proxy_protocol.c util/timeval_func.c \
|
||||
util/timehist.c util/tsig.c util/tube.c util/proxy_protocol.c util/timeval_func.c \
|
||||
util/ub_event.c util/ub_event_pluggable.c util/winsock_event.c \
|
||||
validator/autotrust.c validator/val_anchor.c validator/validator.c \
|
||||
validator/val_kcache.c validator/val_kentry.c validator/val_neg.c \
|
||||
|
|
@ -147,7 +147,7 @@ iter_scrub.lo iter_utils.lo localzone.lo mesh.lo modstack.lo view.lo \
|
|||
outbound_list.lo alloc.lo config_file.lo configlexer.lo configparser.lo \
|
||||
fptr_wlist.lo siphash.lo edns.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \
|
||||
random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \
|
||||
slabhash.lo tcp_conn_limit.lo timehist.lo tube.lo winsock_event.lo \
|
||||
slabhash.lo tcp_conn_limit.lo timehist.lo tsig.lo tube.lo winsock_event.lo \
|
||||
autotrust.lo val_anchor.lo rpz.lo rfc_1982.lo proxy_protocol.lo \
|
||||
validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
|
||||
val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo $(CACHEDB_OBJ) authzone.lo \
|
||||
|
|
@ -179,11 +179,12 @@ testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \
|
|||
testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \
|
||||
testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c \
|
||||
testcode/unitecs.c testcode/unitauth.c testcode/unitzonemd.c \
|
||||
testcode/unittcpreuse.c testcode/unitdoq.c testcode/unitinfra.c
|
||||
testcode/unittcpreuse.c testcode/unitdoq.c testcode/unitinfra.c \
|
||||
testcode/unittsig.c
|
||||
UNITTEST_OBJ=unitanchor.lo unitdname.lo unitlruhash.lo unitmain.lo \
|
||||
unitmsgparse.lo unitneg.lo unitregional.lo unitslabhash.lo unitverify.lo \
|
||||
readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo unitzonemd.lo \
|
||||
unittcpreuse.lo unitdoq.lo unitinfra.lo
|
||||
unittcpreuse.lo unitdoq.lo unitinfra.lo unittsig.lo
|
||||
UNITTEST_OBJ_LINK=$(UNITTEST_OBJ) worker_cb.lo $(COMMON_OBJ) $(SLDNS_OBJ) \
|
||||
$(COMPAT_OBJ)
|
||||
DAEMON_SRC=daemon/acl_list.c daemon/cachedump.c daemon/daemon.c \
|
||||
|
|
@ -719,6 +720,7 @@ depend:
|
|||
|
||||
# build rules
|
||||
ipset.lo ipset.o: $(srcdir)/ipset/ipset.c
|
||||
tsig.lo tsig.o: $(srcdir)/util/tsig.c config.h $(srcdir)/util/tsig.h
|
||||
doqclient.lo doqclient.o: $(srcdir)/testcode/doqclient.c
|
||||
unitdoq.lo unitdoq.o: $(srcdir)/testcode/unitdoq.c
|
||||
|
||||
|
|
@ -957,7 +959,8 @@ configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configy
|
|||
$(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h util/configparser.h
|
||||
configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/random.h $(srcdir)/sldns/str2wire.h util/configparser.h
|
||||
$(srcdir)/util/random.h $(srcdir)/util/tsig.h $(srcdir)/util/locks.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/str2wire.h \
|
||||
$(srcdir)/sldns/parseutil.h util/configparser.h
|
||||
shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/util/shm_side/shm_main.h \
|
||||
$(srcdir)/libunbound/unbound.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
|
||||
|
|
@ -1002,7 +1005,8 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/
|
|||
$(srcdir)/validator/val_utils.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_anchor.h \
|
||||
$(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \
|
||||
$(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \
|
||||
$(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h $(srcdir)/daemon/remote.h
|
||||
$(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h $(srcdir)/util/tsig.h \
|
||||
$(srcdir)/daemon/remote.h
|
||||
locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
|
||||
log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h
|
||||
mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
|
||||
|
|
@ -1082,6 +1086,11 @@ tcp_conn_limit.lo tcp_conn_limit.o: $(srcdir)/util/tcp_conn_limit.c config.h $(s
|
|||
$(srcdir)/sldns/pkthdr.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h
|
||||
timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h $(srcdir)/util/timehist.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/timeval_func.h
|
||||
tsig.lo tsig.o: $(srcdir)/util/tsig.c config.h $(srcdir)/util/tsig.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/random.h $(srcdir)/util/regional.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/pkthdr.h \
|
||||
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/dname.h
|
||||
tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/random.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h \
|
||||
|
|
@ -1227,9 +1236,11 @@ checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/u
|
|||
$(srcdir)/testcode/checklocks.h
|
||||
ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h
|
||||
ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h
|
||||
tsig.lo tsig.o: $(srcdir)/util/tsig.c $(srcdir)/util/tsig.h config.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/data/dname.h
|
||||
tsig.lo tsig.o: $(srcdir)/util/tsig.c config.h $(srcdir)/util/tsig.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/random.h $(srcdir)/util/regional.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/pkthdr.h \
|
||||
$(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/data/msgparse.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/dname.h
|
||||
unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \
|
||||
$(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h
|
||||
|
|
@ -1312,6 +1323,10 @@ unitinfra.lo unitinfra.o: $(srcdir)/testcode/unitinfra.c config.h $(srcdir)/test
|
|||
$(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \
|
||||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h
|
||||
unittsig.lo unittsig.o: $(srcdir)/testcode/unittsig.c config.h $(srcdir)/util/tsig.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/testcode/unitmain.h $(srcdir)/sldns/parseutil.h \
|
||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
|
||||
acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h \
|
||||
|
|
@ -1347,7 +1362,7 @@ daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h
|
|||
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
|
||||
$(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/sldns/keyraw.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h
|
||||
$(srcdir)/util/tsig.h $(srcdir)/sldns/keyraw.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h
|
||||
remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h \
|
||||
|
|
@ -1397,26 +1412,26 @@ unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $
|
|||
$(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/ub_event.h
|
||||
worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/random.h $(srcdir)/util/tsig.h $(srcdir)/sldns/sbuffer.h $(srcdir)/daemon/worker.h \
|
||||
$(srcdir)/libunbound/worker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||
$(srcdir)/util/random.h $(srcdir)/util/tsig.h $(srcdir)/util/locks.h $(srcdir)/util/rbtree.h $(srcdir)/daemon/worker.h \
|
||||
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/daemon/stats.h \
|
||||
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
|
||||
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \
|
||||
$(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
||||
$(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
|
||||
$(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/proxy_protocol.h \
|
||||
$(srcdir)/util/edns.h $(srcdir)/util/timeval_func.h $(srcdir)/iterator/iter_fwd.h \
|
||||
$(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \
|
||||
$(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \
|
||||
$(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/parseutil.h \
|
||||
$(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
|
||||
$(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
|
||||
$(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
|
||||
$(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h \
|
||||
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/util/proxy_protocol.h $(srcdir)/util/edns.h $(srcdir)/util/timeval_func.h \
|
||||
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h \
|
||||
$(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \
|
||||
$(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \
|
||||
$(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h \
|
||||
$(srcdir)/dnstap/dtstream.h
|
||||
testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \
|
||||
$(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \
|
||||
|
|
@ -1436,26 +1451,26 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod
|
|||
$(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/random.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h \
|
||||
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
|
||||
worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/util/random.h $(srcdir)/util/tsig.h $(srcdir)/sldns/sbuffer.h $(srcdir)/daemon/worker.h \
|
||||
$(srcdir)/libunbound/worker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||
$(srcdir)/util/random.h $(srcdir)/util/tsig.h $(srcdir)/util/locks.h $(srcdir)/util/rbtree.h $(srcdir)/daemon/worker.h \
|
||||
$(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \
|
||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||
$(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/daemon/stats.h \
|
||||
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \
|
||||
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
|
||||
$(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \
|
||||
$(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \
|
||||
$(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
|
||||
$(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \
|
||||
$(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \
|
||||
$(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/proxy_protocol.h \
|
||||
$(srcdir)/util/edns.h $(srcdir)/util/timeval_func.h $(srcdir)/iterator/iter_fwd.h \
|
||||
$(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \
|
||||
$(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \
|
||||
$(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/parseutil.h \
|
||||
$(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h
|
||||
$(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \
|
||||
$(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \
|
||||
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
|
||||
$(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
|
||||
$(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h \
|
||||
$(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \
|
||||
$(srcdir)/util/proxy_protocol.h $(srcdir)/util/edns.h $(srcdir)/util/timeval_func.h \
|
||||
$(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_utils.h \
|
||||
$(srcdir)/iterator/iter_resptype.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \
|
||||
$(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \
|
||||
$(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h \
|
||||
$(srcdir)/dnstap/dtstream.h
|
||||
acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h \
|
||||
|
|
@ -1477,7 +1492,7 @@ daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h
|
|||
$(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \
|
||||
$(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
|
||||
$(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \
|
||||
$(srcdir)/sldns/keyraw.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h
|
||||
$(srcdir)/util/tsig.h $(srcdir)/sldns/keyraw.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h
|
||||
stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \
|
||||
$(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
|
||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||
|
|
@ -1571,7 +1586,8 @@ context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbou
|
|||
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
|
||||
$(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h \
|
||||
$(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/services/listen_dnsport.h \
|
||||
$(srcdir)/daemon/acl_list.h $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h
|
||||
$(srcdir)/daemon/acl_list.h $(srcdir)/util/edns.h $(srcdir)/util/tsig.h $(srcdir)/iterator/iter_fwd.h \
|
||||
$(srcdir)/iterator/iter_hints.h
|
||||
libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \
|
||||
$(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
|
||||
|
|
@ -1579,7 +1595,7 @@ libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbou
|
|||
$(srcdir)/util/config_file.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
|
||||
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \
|
||||
$(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h $(srcdir)/util/edns.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
|
||||
$(srcdir)/util/storage/dnstree.h $(srcdir)/util/tsig.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \
|
||||
$(srcdir)/sldns/sbuffer.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h \
|
||||
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \
|
||||
$(srcdir)/util/storage/slabhash.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \
|
||||
|
|
|
|||
348
aclocal.m4
vendored
348
aclocal.m4
vendored
|
|
@ -1,6 +1,6 @@
|
|||
# generated automatically by aclocal 1.16.2 -*- Autoconf -*-
|
||||
# generated automatically by aclocal 1.16.5 -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1996-2021 Free Software Foundation, Inc.
|
||||
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
|
@ -14,7 +14,8 @@
|
|||
m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
|
||||
# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
|
||||
#
|
||||
# Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1996-2001, 2003-2019, 2021-2022 Free Software
|
||||
# Foundation, Inc.
|
||||
# Written by Gordon Matzigkeit, 1996
|
||||
#
|
||||
# This file is free software; the Free Software Foundation gives
|
||||
|
|
@ -45,7 +46,7 @@ m4_define([_LT_COPYING], [dnl
|
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
])
|
||||
|
||||
# serial 58 LT_INIT
|
||||
# serial 59 LT_INIT
|
||||
|
||||
|
||||
# LT_PREREQ(VERSION)
|
||||
|
|
@ -195,6 +196,7 @@ m4_require([_LT_FILEUTILS_DEFAULTS])dnl
|
|||
m4_require([_LT_CHECK_SHELL_FEATURES])dnl
|
||||
m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl
|
||||
m4_require([_LT_CMD_RELOAD])dnl
|
||||
m4_require([_LT_DECL_FILECMD])dnl
|
||||
m4_require([_LT_CHECK_MAGIC_METHOD])dnl
|
||||
m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
|
||||
m4_require([_LT_CMD_OLD_ARCHIVE])dnl
|
||||
|
|
@ -233,8 +235,8 @@ esac
|
|||
ofile=libtool
|
||||
can_build_shared=yes
|
||||
|
||||
# All known linkers require a '.a' archive for static linking (except MSVC,
|
||||
# which needs '.lib').
|
||||
# All known linkers require a '.a' archive for static linking (except MSVC and
|
||||
# ICC, which need '.lib').
|
||||
libext=a
|
||||
|
||||
with_gnu_ld=$lt_cv_prog_gnu_ld
|
||||
|
|
@ -736,7 +738,6 @@ _LT_CONFIG_SAVE_COMMANDS([
|
|||
cat <<_LT_EOF >> "$cfgfile"
|
||||
#! $SHELL
|
||||
# Generated automatically by $as_me ($PACKAGE) $VERSION
|
||||
# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
|
||||
# NOTE: Changes made to this file will be lost: look at ltmain.sh.
|
||||
|
||||
# Provide generalized library-building support services.
|
||||
|
|
@ -786,7 +787,7 @@ _LT_EOF
|
|||
# if finds mixed CR/LF and LF-only lines. Since sed operates in
|
||||
# text mode, it properly converts lines to CR/LF. This bash problem
|
||||
# is reportedly fixed, but why not run on old versions too?
|
||||
sed '$q' "$ltmain" >> "$cfgfile" \
|
||||
$SED '$q' "$ltmain" >> "$cfgfile" \
|
||||
|| (rm -f "$cfgfile"; exit 1)
|
||||
|
||||
mv -f "$cfgfile" "$ofile" ||
|
||||
|
|
@ -1048,8 +1049,8 @@ int forced_loaded() { return 2;}
|
|||
_LT_EOF
|
||||
echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
|
||||
$LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
|
||||
echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
|
||||
$AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
|
||||
echo "$AR $AR_FLAGS libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
|
||||
$AR $AR_FLAGS libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
|
||||
echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
|
||||
$RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
|
||||
cat > conftest.c << _LT_EOF
|
||||
|
|
@ -1073,17 +1074,12 @@ _LT_EOF
|
|||
_lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
|
||||
darwin1.*)
|
||||
_lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
|
||||
darwin*) # darwin 5.x on
|
||||
# if running on 10.5 or later, the deployment target defaults
|
||||
# to the OS version, if on x86, and 10.4, the deployment
|
||||
# target defaults to 10.4. Don't you love it?
|
||||
case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
|
||||
10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
|
||||
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
|
||||
10.[[012]][[,.]]*)
|
||||
_lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
|
||||
10.*)
|
||||
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
|
||||
darwin*)
|
||||
case $MACOSX_DEPLOYMENT_TARGET,$host in
|
||||
10.[[012]],*|,*powerpc*-darwin[[5-8]]*)
|
||||
_lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
|
||||
*)
|
||||
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
|
|
@ -1132,12 +1128,12 @@ m4_defun([_LT_DARWIN_LINKER_FEATURES],
|
|||
output_verbose_link_cmd=func_echo_all
|
||||
_LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
|
||||
_LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
|
||||
_LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
|
||||
_LT_TAGVAR(module_expsym_cmds, $1)="$SED -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
|
||||
m4_if([$1], [CXX],
|
||||
[ if test yes != "$lt_cv_apple_cc_single_mod"; then
|
||||
_LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)="$SED 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
|
||||
fi
|
||||
],[])
|
||||
else
|
||||
|
|
@ -1251,7 +1247,8 @@ _LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
|
|||
# _LT_WITH_SYSROOT
|
||||
# ----------------
|
||||
AC_DEFUN([_LT_WITH_SYSROOT],
|
||||
[AC_MSG_CHECKING([for sysroot])
|
||||
[m4_require([_LT_DECL_SED])dnl
|
||||
AC_MSG_CHECKING([for sysroot])
|
||||
AC_ARG_WITH([sysroot],
|
||||
[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
|
||||
[Search for dependent libraries within DIR (or the compiler's sysroot
|
||||
|
|
@ -1268,7 +1265,7 @@ case $with_sysroot in #(
|
|||
fi
|
||||
;; #(
|
||||
/*)
|
||||
lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
|
||||
lt_sysroot=`echo "$with_sysroot" | $SED -e "$sed_quote_subst"`
|
||||
;; #(
|
||||
no|'')
|
||||
;; #(
|
||||
|
|
@ -1298,7 +1295,7 @@ ia64-*-hpux*)
|
|||
# options accordingly.
|
||||
echo 'int i;' > conftest.$ac_ext
|
||||
if AC_TRY_EVAL(ac_compile); then
|
||||
case `/usr/bin/file conftest.$ac_objext` in
|
||||
case `$FILECMD conftest.$ac_objext` in
|
||||
*ELF-32*)
|
||||
HPUX_IA64_MODE=32
|
||||
;;
|
||||
|
|
@ -1315,7 +1312,7 @@ ia64-*-hpux*)
|
|||
echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
|
||||
if AC_TRY_EVAL(ac_compile); then
|
||||
if test yes = "$lt_cv_prog_gnu_ld"; then
|
||||
case `/usr/bin/file conftest.$ac_objext` in
|
||||
case `$FILECMD conftest.$ac_objext` in
|
||||
*32-bit*)
|
||||
LD="${LD-ld} -melf32bsmip"
|
||||
;;
|
||||
|
|
@ -1327,7 +1324,7 @@ ia64-*-hpux*)
|
|||
;;
|
||||
esac
|
||||
else
|
||||
case `/usr/bin/file conftest.$ac_objext` in
|
||||
case `$FILECMD conftest.$ac_objext` in
|
||||
*32-bit*)
|
||||
LD="${LD-ld} -32"
|
||||
;;
|
||||
|
|
@ -1349,7 +1346,7 @@ mips64*-*linux*)
|
|||
echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
|
||||
if AC_TRY_EVAL(ac_compile); then
|
||||
emul=elf
|
||||
case `/usr/bin/file conftest.$ac_objext` in
|
||||
case `$FILECMD conftest.$ac_objext` in
|
||||
*32-bit*)
|
||||
emul="${emul}32"
|
||||
;;
|
||||
|
|
@ -1357,7 +1354,7 @@ mips64*-*linux*)
|
|||
emul="${emul}64"
|
||||
;;
|
||||
esac
|
||||
case `/usr/bin/file conftest.$ac_objext` in
|
||||
case `$FILECMD conftest.$ac_objext` in
|
||||
*MSB*)
|
||||
emul="${emul}btsmip"
|
||||
;;
|
||||
|
|
@ -1365,7 +1362,7 @@ mips64*-*linux*)
|
|||
emul="${emul}ltsmip"
|
||||
;;
|
||||
esac
|
||||
case `/usr/bin/file conftest.$ac_objext` in
|
||||
case `$FILECMD conftest.$ac_objext` in
|
||||
*N32*)
|
||||
emul="${emul}n32"
|
||||
;;
|
||||
|
|
@ -1385,14 +1382,14 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
|
|||
# not appear in the list.
|
||||
echo 'int i;' > conftest.$ac_ext
|
||||
if AC_TRY_EVAL(ac_compile); then
|
||||
case `/usr/bin/file conftest.o` in
|
||||
case `$FILECMD conftest.o` in
|
||||
*32-bit*)
|
||||
case $host in
|
||||
x86_64-*kfreebsd*-gnu)
|
||||
LD="${LD-ld} -m elf_i386_fbsd"
|
||||
;;
|
||||
x86_64-*linux*)
|
||||
case `/usr/bin/file conftest.o` in
|
||||
case `$FILECMD conftest.o` in
|
||||
*x86-64*)
|
||||
LD="${LD-ld} -m elf32_x86_64"
|
||||
;;
|
||||
|
|
@ -1460,7 +1457,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
|
|||
# options accordingly.
|
||||
echo 'int i;' > conftest.$ac_ext
|
||||
if AC_TRY_EVAL(ac_compile); then
|
||||
case `/usr/bin/file conftest.o` in
|
||||
case `$FILECMD conftest.o` in
|
||||
*64-bit*)
|
||||
case $lt_cv_prog_gnu_ld in
|
||||
yes*)
|
||||
|
|
@ -1499,9 +1496,22 @@ need_locks=$enable_libtool_lock
|
|||
m4_defun([_LT_PROG_AR],
|
||||
[AC_CHECK_TOOLS(AR, [ar], false)
|
||||
: ${AR=ar}
|
||||
: ${AR_FLAGS=cru}
|
||||
_LT_DECL([], [AR], [1], [The archiver])
|
||||
_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
|
||||
|
||||
# Use ARFLAGS variable as AR's operation code to sync the variable naming with
|
||||
# Automake. If both AR_FLAGS and ARFLAGS are specified, AR_FLAGS should have
|
||||
# higher priority because thats what people were doing historically (setting
|
||||
# ARFLAGS for automake and AR_FLAGS for libtool). FIXME: Make the AR_FLAGS
|
||||
# variable obsoleted/removed.
|
||||
|
||||
test ${AR_FLAGS+y} || AR_FLAGS=${ARFLAGS-cr}
|
||||
lt_ar_flags=$AR_FLAGS
|
||||
_LT_DECL([], [lt_ar_flags], [0], [Flags to create an archive (by configure)])
|
||||
|
||||
# Make AR_FLAGS overridable by 'make ARFLAGS='. Don't try to run-time override
|
||||
# by AR_FLAGS because that was never working and AR_FLAGS is about to die.
|
||||
_LT_DECL([], [AR_FLAGS], [\@S|@{ARFLAGS-"\@S|@lt_ar_flags"}],
|
||||
[Flags to create an archive])
|
||||
|
||||
AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
|
||||
[lt_cv_ar_at_file=no
|
||||
|
|
@ -1720,7 +1730,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
|
|||
lt_cv_sys_max_cmd_len=8192;
|
||||
;;
|
||||
|
||||
bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
|
||||
bitrig* | darwin* | dragonfly* | freebsd* | midnightbsd* | netbsd* | openbsd*)
|
||||
# This has been around since 386BSD, at least. Likely further.
|
||||
if test -x /sbin/sysctl; then
|
||||
lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
|
||||
|
|
@ -1763,7 +1773,7 @@ AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
|
|||
sysv5* | sco5v6* | sysv4.2uw2*)
|
||||
kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
|
||||
if test -n "$kargmax"; then
|
||||
lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'`
|
||||
lt_cv_sys_max_cmd_len=`echo $kargmax | $SED 's/.*[[ ]]//'`
|
||||
else
|
||||
lt_cv_sys_max_cmd_len=32768
|
||||
fi
|
||||
|
|
@ -2213,26 +2223,35 @@ m4_defun([_LT_CMD_STRIPLIB],
|
|||
striplib=
|
||||
old_striplib=
|
||||
AC_MSG_CHECKING([whether stripping libraries is possible])
|
||||
if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
|
||||
test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
|
||||
test -z "$striplib" && striplib="$STRIP --strip-unneeded"
|
||||
AC_MSG_RESULT([yes])
|
||||
if test -z "$STRIP"; then
|
||||
AC_MSG_RESULT([no])
|
||||
else
|
||||
# FIXME - insert some real tests, host_os isn't really good enough
|
||||
case $host_os in
|
||||
darwin*)
|
||||
if test -n "$STRIP"; then
|
||||
if $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
|
||||
old_striplib="$STRIP --strip-debug"
|
||||
striplib="$STRIP --strip-unneeded"
|
||||
AC_MSG_RESULT([yes])
|
||||
else
|
||||
case $host_os in
|
||||
darwin*)
|
||||
# FIXME - insert some real tests, host_os isn't really good enough
|
||||
striplib="$STRIP -x"
|
||||
old_striplib="$STRIP -S"
|
||||
AC_MSG_RESULT([yes])
|
||||
else
|
||||
;;
|
||||
freebsd*)
|
||||
if $STRIP -V 2>&1 | $GREP "elftoolchain" >/dev/null; then
|
||||
old_striplib="$STRIP --strip-debug"
|
||||
striplib="$STRIP --strip-unneeded"
|
||||
AC_MSG_RESULT([yes])
|
||||
else
|
||||
AC_MSG_RESULT([no])
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
AC_MSG_RESULT([no])
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
AC_MSG_RESULT([no])
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
fi
|
||||
_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
|
||||
_LT_DECL([], [striplib], [1])
|
||||
|
|
@ -2555,7 +2574,7 @@ cygwin* | mingw* | pw32* | cegcc*)
|
|||
case $host_os in
|
||||
cygwin*)
|
||||
# Cygwin DLLs use 'cyg' prefix rather than 'lib'
|
||||
soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
|
||||
soname_spec='`echo $libname | $SED -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
|
||||
m4_if([$1], [],[
|
||||
sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
|
||||
;;
|
||||
|
|
@ -2565,14 +2584,14 @@ m4_if([$1], [],[
|
|||
;;
|
||||
pw32*)
|
||||
# pw32 DLLs use 'pw' prefix rather than 'lib'
|
||||
library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
|
||||
library_names_spec='`echo $libname | $SED -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
|
||||
;;
|
||||
esac
|
||||
dynamic_linker='Win32 ld.exe'
|
||||
;;
|
||||
|
||||
*,cl*)
|
||||
# Native MSVC
|
||||
*,cl* | *,icl*)
|
||||
# Native MSVC or ICC
|
||||
libname_spec='$name'
|
||||
soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
|
||||
library_names_spec='$libname.dll.lib'
|
||||
|
|
@ -2591,7 +2610,7 @@ m4_if([$1], [],[
|
|||
done
|
||||
IFS=$lt_save_ifs
|
||||
# Convert to MSYS style.
|
||||
sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
|
||||
sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
|
||||
;;
|
||||
cygwin*)
|
||||
# Convert to unix form, then to dos form, then back to unix form
|
||||
|
|
@ -2628,7 +2647,7 @@ m4_if([$1], [],[
|
|||
;;
|
||||
|
||||
*)
|
||||
# Assume MSVC wrapper
|
||||
# Assume MSVC and ICC wrapper
|
||||
library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib'
|
||||
dynamic_linker='Win32 ld.exe'
|
||||
;;
|
||||
|
|
@ -2661,7 +2680,7 @@ dgux*)
|
|||
shlibpath_var=LD_LIBRARY_PATH
|
||||
;;
|
||||
|
||||
freebsd* | dragonfly*)
|
||||
freebsd* | dragonfly* | midnightbsd*)
|
||||
# DragonFly does not have aout. When/if they implement a new
|
||||
# versioning mechanism, adjust this.
|
||||
if test -x /usr/bin/objformat; then
|
||||
|
|
@ -2873,9 +2892,6 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
|
|||
# before this can be enabled.
|
||||
hardcode_into_libs=yes
|
||||
|
||||
# Add ABI-specific directories to the system library path.
|
||||
sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib"
|
||||
|
||||
# Ideally, we could use ldconfig to report *all* directores which are
|
||||
# searched for libraries, however this is still not possible. Aside from not
|
||||
# being certain /sbin/ldconfig is available, command
|
||||
|
|
@ -2884,7 +2900,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
|
|||
# appending ld.so.conf contents (and includes) to the search path.
|
||||
if test -f /etc/ld.so.conf; then
|
||||
lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
|
||||
sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra"
|
||||
sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
|
||||
fi
|
||||
|
||||
# We used to test for /lib/ld.so.1 and disable shared libraries on
|
||||
|
|
@ -2896,6 +2912,18 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
|
|||
dynamic_linker='GNU/Linux ld.so'
|
||||
;;
|
||||
|
||||
netbsdelf*-gnu)
|
||||
version_type=linux
|
||||
need_lib_prefix=no
|
||||
need_version=no
|
||||
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
|
||||
soname_spec='${libname}${release}${shared_ext}$major'
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
shlibpath_overrides_runpath=no
|
||||
hardcode_into_libs=yes
|
||||
dynamic_linker='NetBSD ld.elf_so'
|
||||
;;
|
||||
|
||||
netbsd*)
|
||||
version_type=sunos
|
||||
need_lib_prefix=no
|
||||
|
|
@ -3463,7 +3491,7 @@ beos*)
|
|||
|
||||
bsdi[[45]]*)
|
||||
lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
|
||||
lt_cv_file_magic_cmd='/usr/bin/file -L'
|
||||
lt_cv_file_magic_cmd='$FILECMD -L'
|
||||
lt_cv_file_magic_test_file=/shlib/libc.so
|
||||
;;
|
||||
|
||||
|
|
@ -3497,14 +3525,14 @@ darwin* | rhapsody*)
|
|||
lt_cv_deplibs_check_method=pass_all
|
||||
;;
|
||||
|
||||
freebsd* | dragonfly*)
|
||||
freebsd* | dragonfly* | midnightbsd*)
|
||||
if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
|
||||
case $host_cpu in
|
||||
i*86 )
|
||||
# Not sure whether the presence of OpenBSD here was a mistake.
|
||||
# Let's accept both of them until this is cleared up.
|
||||
lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
|
||||
lt_cv_file_magic_cmd=/usr/bin/file
|
||||
lt_cv_file_magic_cmd=$FILECMD
|
||||
lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
|
||||
;;
|
||||
esac
|
||||
|
|
@ -3518,7 +3546,7 @@ haiku*)
|
|||
;;
|
||||
|
||||
hpux10.20* | hpux11*)
|
||||
lt_cv_file_magic_cmd=/usr/bin/file
|
||||
lt_cv_file_magic_cmd=$FILECMD
|
||||
case $host_cpu in
|
||||
ia64*)
|
||||
lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
|
||||
|
|
@ -3555,7 +3583,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
|
|||
lt_cv_deplibs_check_method=pass_all
|
||||
;;
|
||||
|
||||
netbsd*)
|
||||
netbsd* | netbsdelf*-gnu)
|
||||
if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
|
||||
lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
|
||||
else
|
||||
|
|
@ -3565,7 +3593,7 @@ netbsd*)
|
|||
|
||||
newos6*)
|
||||
lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
|
||||
lt_cv_file_magic_cmd=/usr/bin/file
|
||||
lt_cv_file_magic_cmd=$FILECMD
|
||||
lt_cv_file_magic_test_file=/usr/lib/libnls.so
|
||||
;;
|
||||
|
||||
|
|
@ -3692,13 +3720,13 @@ else
|
|||
mingw*) lt_bad_file=conftest.nm/nofile ;;
|
||||
*) lt_bad_file=/dev/null ;;
|
||||
esac
|
||||
case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
|
||||
case `"$tmp_nm" -B $lt_bad_file 2>&1 | $SED '1q'` in
|
||||
*$lt_bad_file* | *'Invalid file or object type'*)
|
||||
lt_cv_path_NM="$tmp_nm -B"
|
||||
break 2
|
||||
;;
|
||||
*)
|
||||
case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
|
||||
case `"$tmp_nm" -p /dev/null 2>&1 | $SED '1q'` in
|
||||
*/dev/null*)
|
||||
lt_cv_path_NM="$tmp_nm -p"
|
||||
break 2
|
||||
|
|
@ -3724,7 +3752,7 @@ else
|
|||
# Let the user override the test.
|
||||
else
|
||||
AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
|
||||
case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
|
||||
case `$DUMPBIN -symbols -headers /dev/null 2>&1 | $SED '1q'` in
|
||||
*COFF*)
|
||||
DUMPBIN="$DUMPBIN -symbols -headers"
|
||||
;;
|
||||
|
|
@ -3964,7 +3992,7 @@ esac
|
|||
|
||||
if test "$lt_cv_nm_interface" = "MS dumpbin"; then
|
||||
# Gets list of data symbols to import.
|
||||
lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
|
||||
lt_cv_sys_global_symbol_to_import="$SED -n -e 's/^I .* \(.*\)$/\1/p'"
|
||||
# Adjust the below global symbol transforms to fixup imported variables.
|
||||
lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
|
||||
lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'"
|
||||
|
|
@ -3982,20 +4010,20 @@ fi
|
|||
# Transform an extracted symbol line into a proper C declaration.
|
||||
# Some systems (esp. on ia64) link data and code symbols differently,
|
||||
# so use this general approach.
|
||||
lt_cv_sys_global_symbol_to_cdecl="sed -n"\
|
||||
lt_cv_sys_global_symbol_to_cdecl="$SED -n"\
|
||||
$lt_cdecl_hook\
|
||||
" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
|
||||
" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
|
||||
|
||||
# Transform an extracted symbol line into symbol name and symbol address
|
||||
lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
|
||||
lt_cv_sys_global_symbol_to_c_name_address="$SED -n"\
|
||||
$lt_c_name_hook\
|
||||
" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
|
||||
" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'"
|
||||
|
||||
# Transform an extracted symbol line into symbol name with lib prefix and
|
||||
# symbol address.
|
||||
lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
|
||||
lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="$SED -n"\
|
||||
$lt_c_name_lib_hook\
|
||||
" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
|
||||
" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\
|
||||
|
|
@ -4019,7 +4047,7 @@ for ac_symprfx in "" "_"; do
|
|||
if test "$lt_cv_nm_interface" = "MS dumpbin"; then
|
||||
# Fake it for dumpbin and say T for any non-static function,
|
||||
# D for any global variable and I for any imported variable.
|
||||
# Also find C++ and __fastcall symbols from MSVC++,
|
||||
# Also find C++ and __fastcall symbols from MSVC++ or ICC,
|
||||
# which start with @ or ?.
|
||||
lt_cv_sys_global_symbol_pipe="$AWK ['"\
|
||||
" {last_section=section; section=\$ 3};"\
|
||||
|
|
@ -4037,9 +4065,9 @@ for ac_symprfx in "" "_"; do
|
|||
" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
|
||||
" ' prfx=^$ac_symprfx]"
|
||||
else
|
||||
lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
|
||||
lt_cv_sys_global_symbol_pipe="$SED -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
|
||||
fi
|
||||
lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
|
||||
lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | $SED '/ __gnu_lto/d'"
|
||||
|
||||
# Check to see that the pipe works correctly.
|
||||
pipe_works=no
|
||||
|
|
@ -4061,7 +4089,8 @@ _LT_EOF
|
|||
if AC_TRY_EVAL(ac_compile); then
|
||||
# Now try to grab the symbols.
|
||||
nlist=conftest.nm
|
||||
if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then
|
||||
$ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&AS_MESSAGE_LOG_FD
|
||||
if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&AS_MESSAGE_LOG_FD && test -s "$nlist"; then
|
||||
# Try sorting and uniquifying the output.
|
||||
if sort "$nlist" | uniq > "$nlist"T; then
|
||||
mv -f "$nlist"T "$nlist"
|
||||
|
|
@ -4326,7 +4355,7 @@ m4_if([$1], [CXX], [
|
|||
;;
|
||||
esac
|
||||
;;
|
||||
freebsd* | dragonfly*)
|
||||
freebsd* | dragonfly* | midnightbsd*)
|
||||
# FreeBSD uses GNU C++
|
||||
;;
|
||||
hpux9* | hpux10* | hpux11*)
|
||||
|
|
@ -4409,7 +4438,7 @@ m4_if([$1], [CXX], [
|
|||
_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
|
||||
;;
|
||||
*)
|
||||
case `$CC -V 2>&1 | sed 5q` in
|
||||
case `$CC -V 2>&1 | $SED 5q` in
|
||||
*Sun\ C*)
|
||||
# Sun C++ 5.9
|
||||
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
|
||||
|
|
@ -4433,7 +4462,7 @@ m4_if([$1], [CXX], [
|
|||
;;
|
||||
esac
|
||||
;;
|
||||
netbsd*)
|
||||
netbsd* | netbsdelf*-gnu)
|
||||
;;
|
||||
*qnx* | *nto*)
|
||||
# QNX uses GNU C++, but need to define -shared option too, otherwise
|
||||
|
|
@ -4701,6 +4730,12 @@ m4_if([$1], [CXX], [
|
|||
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
|
||||
_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
|
||||
;;
|
||||
# flang / f18. f95 an alias for gfortran or flang on Debian
|
||||
flang* | f18* | f95*)
|
||||
_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
|
||||
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
|
||||
_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
|
||||
;;
|
||||
# icc used to be incompatible with GCC.
|
||||
# ICC 10 doesn't accept -KPIC any more.
|
||||
icc* | ifort*)
|
||||
|
|
@ -4745,7 +4780,7 @@ m4_if([$1], [CXX], [
|
|||
_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
|
||||
;;
|
||||
*)
|
||||
case `$CC -V 2>&1 | sed 5q` in
|
||||
case `$CC -V 2>&1 | $SED 5q` in
|
||||
*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
|
||||
# Sun Fortran 8.3 passes all unrecognized flags to the linker
|
||||
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
|
||||
|
|
@ -4928,7 +4963,7 @@ m4_if([$1], [CXX], [
|
|||
if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
|
||||
_LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
|
||||
else
|
||||
_LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
|
||||
_LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
|
||||
fi
|
||||
;;
|
||||
pw32*)
|
||||
|
|
@ -4936,7 +4971,7 @@ m4_if([$1], [CXX], [
|
|||
;;
|
||||
cygwin* | mingw* | cegcc*)
|
||||
case $cc_basename in
|
||||
cl*)
|
||||
cl* | icl*)
|
||||
_LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
|
||||
;;
|
||||
*)
|
||||
|
|
@ -4945,6 +4980,9 @@ m4_if([$1], [CXX], [
|
|||
;;
|
||||
esac
|
||||
;;
|
||||
linux* | k*bsd*-gnu | gnu*)
|
||||
_LT_TAGVAR(link_all_deplibs, $1)=no
|
||||
;;
|
||||
*)
|
||||
_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
|
||||
;;
|
||||
|
|
@ -4993,20 +5031,23 @@ dnl Note also adjust exclude_expsyms for C++ above.
|
|||
|
||||
case $host_os in
|
||||
cygwin* | mingw* | pw32* | cegcc*)
|
||||
# FIXME: the MSVC++ port hasn't been tested in a loooong time
|
||||
# FIXME: the MSVC++ and ICC port hasn't been tested in a loooong time
|
||||
# When not using gcc, we currently assume that we are using
|
||||
# Microsoft Visual C++.
|
||||
# Microsoft Visual C++ or Intel C++ Compiler.
|
||||
if test yes != "$GCC"; then
|
||||
with_gnu_ld=no
|
||||
fi
|
||||
;;
|
||||
interix*)
|
||||
# we just hope/assume this is gcc and not c89 (= MSVC++)
|
||||
# we just hope/assume this is gcc and not c89 (= MSVC++ or ICC)
|
||||
with_gnu_ld=yes
|
||||
;;
|
||||
openbsd* | bitrig*)
|
||||
with_gnu_ld=no
|
||||
;;
|
||||
linux* | k*bsd*-gnu | gnu*)
|
||||
_LT_TAGVAR(link_all_deplibs, $1)=no
|
||||
;;
|
||||
esac
|
||||
|
||||
_LT_TAGVAR(ld_shlibs, $1)=yes
|
||||
|
|
@ -5053,7 +5094,7 @@ dnl Note also adjust exclude_expsyms for C++ above.
|
|||
_LT_TAGVAR(whole_archive_flag_spec, $1)=
|
||||
fi
|
||||
supports_anon_versioning=no
|
||||
case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
|
||||
case `$LD -v | $SED -e 's/([[^)]]\+)\s\+//' 2>&1` in
|
||||
*GNU\ gold*) supports_anon_versioning=yes ;;
|
||||
*\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
|
||||
*\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
|
||||
|
|
@ -5165,6 +5206,7 @@ _LT_EOF
|
|||
emximp -o $lib $output_objdir/$libname.def'
|
||||
_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
|
||||
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
|
||||
_LT_TAGVAR(file_list_spec, $1)='@'
|
||||
;;
|
||||
|
||||
interix[[3-9]]*)
|
||||
|
|
@ -5179,7 +5221,7 @@ _LT_EOF
|
|||
# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
|
||||
# time. Moving up from 0x10000000 also allows more sbrk(2) space.
|
||||
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
|
||||
;;
|
||||
|
||||
gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
|
||||
|
|
@ -5222,7 +5264,7 @@ _LT_EOF
|
|||
_LT_TAGVAR(compiler_needs_object, $1)=yes
|
||||
;;
|
||||
esac
|
||||
case `$CC -V 2>&1 | sed 5q` in
|
||||
case `$CC -V 2>&1 | $SED 5q` in
|
||||
*Sun\ C*) # Sun C 5.9
|
||||
_LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
|
||||
_LT_TAGVAR(compiler_needs_object, $1)=yes
|
||||
|
|
@ -5234,13 +5276,14 @@ _LT_EOF
|
|||
|
||||
if test yes = "$supports_anon_versioning"; then
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
|
||||
cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
|
||||
cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
|
||||
echo "local: *; };" >> $output_objdir/$libname.ver~
|
||||
$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
|
||||
fi
|
||||
|
||||
case $cc_basename in
|
||||
tcc*)
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
|
||||
_LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic'
|
||||
;;
|
||||
xlf* | bgf* | bgxlf* | mpixlf*)
|
||||
|
|
@ -5250,7 +5293,7 @@ _LT_EOF
|
|||
_LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
|
||||
if test yes = "$supports_anon_versioning"; then
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
|
||||
cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
|
||||
cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
|
||||
echo "local: *; };" >> $output_objdir/$libname.ver~
|
||||
$LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
|
||||
fi
|
||||
|
|
@ -5261,7 +5304,7 @@ _LT_EOF
|
|||
fi
|
||||
;;
|
||||
|
||||
netbsd*)
|
||||
netbsd* | netbsdelf*-gnu)
|
||||
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
|
||||
_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
|
||||
wlarc=
|
||||
|
|
@ -5382,7 +5425,7 @@ _LT_EOF
|
|||
if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
|
||||
_LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
|
||||
else
|
||||
_LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
|
||||
_LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "L") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
|
||||
fi
|
||||
aix_use_runtimelinking=no
|
||||
|
||||
|
|
@ -5565,12 +5608,12 @@ _LT_EOF
|
|||
|
||||
cygwin* | mingw* | pw32* | cegcc*)
|
||||
# When not using gcc, we currently assume that we are using
|
||||
# Microsoft Visual C++.
|
||||
# Microsoft Visual C++ or Intel C++ Compiler.
|
||||
# hardcode_libdir_flag_spec is actually meaningless, as there is
|
||||
# no search path for DLLs.
|
||||
case $cc_basename in
|
||||
cl*)
|
||||
# Native MSVC
|
||||
cl* | icl*)
|
||||
# Native MSVC or ICC
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
|
||||
_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
|
||||
_LT_TAGVAR(always_export_symbols, $1)=yes
|
||||
|
|
@ -5611,7 +5654,7 @@ _LT_EOF
|
|||
fi'
|
||||
;;
|
||||
*)
|
||||
# Assume MSVC wrapper
|
||||
# Assume MSVC and ICC wrapper
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
|
||||
_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
|
||||
# Tell ltmain to make .lib files, not .a files.
|
||||
|
|
@ -5659,7 +5702,7 @@ _LT_EOF
|
|||
;;
|
||||
|
||||
# FreeBSD 3 and greater uses gcc -shared to do shared libraries.
|
||||
freebsd* | dragonfly*)
|
||||
freebsd* | dragonfly* | midnightbsd*)
|
||||
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
|
||||
_LT_TAGVAR(hardcode_direct, $1)=yes
|
||||
|
|
@ -5782,6 +5825,7 @@ _LT_EOF
|
|||
if test yes = "$lt_cv_irix_exported_symbol"; then
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
|
||||
fi
|
||||
_LT_TAGVAR(link_all_deplibs, $1)=no
|
||||
else
|
||||
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
|
||||
|
|
@ -5799,11 +5843,12 @@ _LT_EOF
|
|||
# Fabrice Bellard et al's Tiny C Compiler
|
||||
_LT_TAGVAR(ld_shlibs, $1)=yes
|
||||
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
|
||||
netbsd*)
|
||||
netbsd* | netbsdelf*-gnu)
|
||||
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
|
||||
_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
|
||||
else
|
||||
|
|
@ -5870,6 +5915,7 @@ _LT_EOF
|
|||
emximp -o $lib $output_objdir/$libname.def'
|
||||
_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
|
||||
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
|
||||
_LT_TAGVAR(file_list_spec, $1)='@'
|
||||
;;
|
||||
|
||||
osf3*)
|
||||
|
|
@ -6425,7 +6471,7 @@ if test yes != "$_lt_caught_CXX_error"; then
|
|||
# Commands to make compiler produce verbose output that lists
|
||||
# what "hidden" libraries, object files and flags are used when
|
||||
# linking a shared library.
|
||||
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
|
||||
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
|
||||
|
||||
else
|
||||
GXX=no
|
||||
|
|
@ -6636,8 +6682,8 @@ if test yes != "$_lt_caught_CXX_error"; then
|
|||
|
||||
cygwin* | mingw* | pw32* | cegcc*)
|
||||
case $GXX,$cc_basename in
|
||||
,cl* | no,cl*)
|
||||
# Native MSVC
|
||||
,cl* | no,cl* | ,icl* | no,icl*)
|
||||
# Native MSVC or ICC
|
||||
# hardcode_libdir_flag_spec is actually meaningless, as there is
|
||||
# no search path for DLLs.
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
|
||||
|
|
@ -6735,6 +6781,7 @@ if test yes != "$_lt_caught_CXX_error"; then
|
|||
emximp -o $lib $output_objdir/$libname.def'
|
||||
_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
|
||||
_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
|
||||
_LT_TAGVAR(file_list_spec, $1)='@'
|
||||
;;
|
||||
|
||||
dgux*)
|
||||
|
|
@ -6765,7 +6812,7 @@ if test yes != "$_lt_caught_CXX_error"; then
|
|||
_LT_TAGVAR(archive_cmds_need_lc, $1)=no
|
||||
;;
|
||||
|
||||
freebsd* | dragonfly*)
|
||||
freebsd* | dragonfly* | midnightbsd*)
|
||||
# FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
|
||||
# conventions
|
||||
_LT_TAGVAR(ld_shlibs, $1)=yes
|
||||
|
|
@ -6800,7 +6847,7 @@ if test yes != "$_lt_caught_CXX_error"; then
|
|||
# explicitly linking system object files so we need to strip them
|
||||
# from the output so that they don't get included in the library
|
||||
# dependencies.
|
||||
output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
|
||||
output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
|
||||
;;
|
||||
*)
|
||||
if test yes = "$GXX"; then
|
||||
|
|
@ -6865,7 +6912,7 @@ if test yes != "$_lt_caught_CXX_error"; then
|
|||
# explicitly linking system object files so we need to strip them
|
||||
# from the output so that they don't get included in the library
|
||||
# dependencies.
|
||||
output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
|
||||
output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
|
||||
;;
|
||||
*)
|
||||
if test yes = "$GXX"; then
|
||||
|
|
@ -6902,7 +6949,7 @@ if test yes != "$_lt_caught_CXX_error"; then
|
|||
# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
|
||||
# time. Moving up from 0x10000000 also allows more sbrk(2) space.
|
||||
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='$SED "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
|
||||
;;
|
||||
irix5* | irix6*)
|
||||
case $cc_basename in
|
||||
|
|
@ -7042,13 +7089,13 @@ if test yes != "$_lt_caught_CXX_error"; then
|
|||
_LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
|
||||
if test yes = "$supports_anon_versioning"; then
|
||||
_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
|
||||
cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
|
||||
cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
|
||||
echo "local: *; };" >> $output_objdir/$libname.ver~
|
||||
$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
case `$CC -V 2>&1 | sed 5q` in
|
||||
case `$CC -V 2>&1 | $SED 5q` in
|
||||
*Sun\ C*)
|
||||
# Sun C++ 5.9
|
||||
_LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
|
||||
|
|
@ -7204,7 +7251,7 @@ if test yes != "$_lt_caught_CXX_error"; then
|
|||
# Commands to make compiler produce verbose output that lists
|
||||
# what "hidden" libraries, object files and flags are used when
|
||||
# linking a shared library.
|
||||
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
|
||||
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
|
||||
|
||||
else
|
||||
# FIXME: insert proper C++ library support
|
||||
|
|
@ -7288,7 +7335,7 @@ if test yes != "$_lt_caught_CXX_error"; then
|
|||
# Commands to make compiler produce verbose output that lists
|
||||
# what "hidden" libraries, object files and flags are used when
|
||||
# linking a shared library.
|
||||
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
|
||||
output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
|
||||
else
|
||||
# g++ 2.7 appears to require '-G' NOT '-shared' on this
|
||||
# platform.
|
||||
|
|
@ -7299,7 +7346,7 @@ if test yes != "$_lt_caught_CXX_error"; then
|
|||
# Commands to make compiler produce verbose output that lists
|
||||
# what "hidden" libraries, object files and flags are used when
|
||||
# linking a shared library.
|
||||
output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
|
||||
output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
|
||||
fi
|
||||
|
||||
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
|
||||
|
|
@ -8186,6 +8233,14 @@ _LT_DECL([], [DLLTOOL], [1], [DLL creation program])
|
|||
AC_SUBST([DLLTOOL])
|
||||
])
|
||||
|
||||
# _LT_DECL_FILECMD
|
||||
# ----------------
|
||||
# Check for a file(cmd) program that can be used to detect file type and magic
|
||||
m4_defun([_LT_DECL_FILECMD],
|
||||
[AC_CHECK_TOOL([FILECMD], [file], [:])
|
||||
_LT_DECL([], [FILECMD], [1], [A file(cmd) program that detects file types])
|
||||
])# _LD_DECL_FILECMD
|
||||
|
||||
# _LT_DECL_SED
|
||||
# ------------
|
||||
# Check for a fully-functional sed program, that truncates
|
||||
|
|
@ -8365,8 +8420,8 @@ _LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd],
|
|||
|
||||
# Helper functions for option handling. -*- Autoconf -*-
|
||||
#
|
||||
# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
|
||||
# Foundation, Inc.
|
||||
# Copyright (C) 2004-2005, 2007-2009, 2011-2019, 2021-2022 Free
|
||||
# Software Foundation, Inc.
|
||||
# Written by Gary V. Vaughan, 2004
|
||||
#
|
||||
# This file is free software; the Free Software Foundation gives
|
||||
|
|
@ -8797,7 +8852,7 @@ LT_OPTION_DEFINE([LTDL_INIT], [convenience],
|
|||
|
||||
# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*-
|
||||
#
|
||||
# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
|
||||
# Copyright (C) 2004-2005, 2007-2008, 2011-2019, 2021-2022 Free Software
|
||||
# Foundation, Inc.
|
||||
# Written by Gary V. Vaughan, 2004
|
||||
#
|
||||
|
|
@ -8922,7 +8977,8 @@ m4_define([lt_dict_filter],
|
|||
|
||||
# ltversion.m4 -- version numbers -*- Autoconf -*-
|
||||
#
|
||||
# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2004, 2011-2019, 2021-2022 Free Software Foundation,
|
||||
# Inc.
|
||||
# Written by Scott James Remnant, 2004
|
||||
#
|
||||
# This file is free software; the Free Software Foundation gives
|
||||
|
|
@ -8931,23 +8987,23 @@ m4_define([lt_dict_filter],
|
|||
|
||||
# @configure_input@
|
||||
|
||||
# serial 4179 ltversion.m4
|
||||
# serial 4245 ltversion.m4
|
||||
# This file is part of GNU Libtool
|
||||
|
||||
m4_define([LT_PACKAGE_VERSION], [2.4.6])
|
||||
m4_define([LT_PACKAGE_REVISION], [2.4.6])
|
||||
m4_define([LT_PACKAGE_VERSION], [2.4.7])
|
||||
m4_define([LT_PACKAGE_REVISION], [2.4.7])
|
||||
|
||||
AC_DEFUN([LTVERSION_VERSION],
|
||||
[macro_version='2.4.6'
|
||||
macro_revision='2.4.6'
|
||||
[macro_version='2.4.7'
|
||||
macro_revision='2.4.7'
|
||||
_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
|
||||
_LT_DECL(, macro_revision, 0)
|
||||
])
|
||||
|
||||
# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*-
|
||||
#
|
||||
# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
|
||||
# Foundation, Inc.
|
||||
# Copyright (C) 2004-2005, 2007, 2009, 2011-2019, 2021-2022 Free
|
||||
# Software Foundation, Inc.
|
||||
# Written by Scott James Remnant, 2004.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation gives
|
||||
|
|
@ -9044,8 +9100,8 @@ m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])])
|
|||
m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])])
|
||||
m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])])
|
||||
|
||||
# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
|
||||
# serial 11 (pkg-config-0.29.1)
|
||||
# pkg.m4 - Macros to locate and use pkg-config. -*- Autoconf -*-
|
||||
# serial 12 (pkg-config-0.29.2)
|
||||
|
||||
dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
|
||||
dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
|
||||
|
|
@ -9087,7 +9143,7 @@ dnl
|
|||
dnl See the "Since" comment for each macro you use to see what version
|
||||
dnl of the macros you require.
|
||||
m4_defun([PKG_PREREQ],
|
||||
[m4_define([PKG_MACROS_VERSION], [0.29.1])
|
||||
[m4_define([PKG_MACROS_VERSION], [0.29.2])
|
||||
m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
|
||||
[m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
|
||||
])dnl PKG_PREREQ
|
||||
|
|
@ -9132,7 +9188,7 @@ dnl Check to see whether a particular set of modules exists. Similar to
|
|||
dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
|
||||
dnl
|
||||
dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
|
||||
dnl only at the first occurence in configure.ac, so if the first place
|
||||
dnl only at the first occurrence in configure.ac, so if the first place
|
||||
dnl it's called might be skipped (such as if it is within an "if", you
|
||||
dnl have to call PKG_CHECK_EXISTS manually
|
||||
AC_DEFUN([PKG_CHECK_EXISTS],
|
||||
|
|
@ -9188,7 +9244,7 @@ AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
|
|||
AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
|
||||
|
||||
pkg_failed=no
|
||||
AC_MSG_CHECKING([for $1])
|
||||
AC_MSG_CHECKING([for $2])
|
||||
|
||||
_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
|
||||
_PKG_CONFIG([$1][_LIBS], [libs], [$2])
|
||||
|
|
@ -9198,17 +9254,17 @@ and $1[]_LIBS to avoid the need to call pkg-config.
|
|||
See the pkg-config man page for more details.])
|
||||
|
||||
if test $pkg_failed = yes; then
|
||||
AC_MSG_RESULT([no])
|
||||
AC_MSG_RESULT([no])
|
||||
_PKG_SHORT_ERRORS_SUPPORTED
|
||||
if test $_pkg_short_errors_supported = yes; then
|
||||
$1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
|
||||
else
|
||||
$1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
|
||||
$1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
|
||||
else
|
||||
$1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
|
||||
fi
|
||||
# Put the nasty error message in config.log where it belongs
|
||||
echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
|
||||
# Put the nasty error message in config.log where it belongs
|
||||
echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
|
||||
|
||||
m4_default([$4], [AC_MSG_ERROR(
|
||||
m4_default([$4], [AC_MSG_ERROR(
|
||||
[Package requirements ($2) were not met:
|
||||
|
||||
$$1_PKG_ERRORS
|
||||
|
|
@ -9219,8 +9275,8 @@ installed software in a non-standard prefix.
|
|||
_PKG_TEXT])[]dnl
|
||||
])
|
||||
elif test $pkg_failed = untried; then
|
||||
AC_MSG_RESULT([no])
|
||||
m4_default([$4], [AC_MSG_FAILURE(
|
||||
AC_MSG_RESULT([no])
|
||||
m4_default([$4], [AC_MSG_FAILURE(
|
||||
[The pkg-config script could not be found or is too old. Make sure it
|
||||
is in your PATH or set the PKG_CONFIG environment variable to the full
|
||||
path to pkg-config.
|
||||
|
|
@ -9230,10 +9286,10 @@ _PKG_TEXT
|
|||
To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
|
||||
])
|
||||
else
|
||||
$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
|
||||
$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
|
||||
$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
|
||||
$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
|
||||
AC_MSG_RESULT([yes])
|
||||
$3
|
||||
$3
|
||||
fi[]dnl
|
||||
])dnl PKG_CHECK_MODULES
|
||||
|
||||
|
|
@ -9390,7 +9446,7 @@ AS_IF([test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"],
|
|||
|
||||
# AM_CONDITIONAL -*- Autoconf -*-
|
||||
|
||||
# Copyright (C) 1997-2020 Free Software Foundation, Inc.
|
||||
# Copyright (C) 1997-2021 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
|
@ -9421,7 +9477,7 @@ AC_CONFIG_COMMANDS_PRE(
|
|||
Usually this means the macro was only invoked conditionally.]])
|
||||
fi])])
|
||||
|
||||
# Copyright (C) 2006-2020 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2006-2021 Free Software Foundation, Inc.
|
||||
#
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
|
|
|
|||
|
|
@ -253,6 +253,9 @@
|
|||
/* Define to 1 if you have the `EVP_EncryptInit_ex' function. */
|
||||
#undef HAVE_EVP_ENCRYPTINIT_EX
|
||||
|
||||
/* Define to 1 if you have the `EVP_MAC_CTX_new' function. */
|
||||
#undef HAVE_EVP_MAC_CTX_NEW
|
||||
|
||||
/* Define to 1 if you have the `EVP_MAC_CTX_set_params' function. */
|
||||
#undef HAVE_EVP_MAC_CTX_SET_PARAMS
|
||||
|
||||
|
|
@ -334,6 +337,9 @@
|
|||
/* Define to 1 if you have the <hiredis/hiredis.h> header file. */
|
||||
#undef HAVE_HIREDIS_HIREDIS_H
|
||||
|
||||
/* Define to 1 if you have the `HMAC_CTX_new' function. */
|
||||
#undef HAVE_HMAC_CTX_NEW
|
||||
|
||||
/* Define to 1 if you have the `HMAC_Init_ex' function. */
|
||||
#undef HAVE_HMAC_INIT_EX
|
||||
|
||||
|
|
@ -655,6 +661,9 @@
|
|||
function. */
|
||||
#undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB
|
||||
|
||||
/* Define to 1 if you have the `SSL_CTX_set_tmp_ecdh' function. */
|
||||
#undef HAVE_SSL_CTX_SET_TMP_ECDH
|
||||
|
||||
/* Define to 1 if you have the `SSL_get0_alpn_selected' function. */
|
||||
#undef HAVE_SSL_GET0_ALPN_SELECTED
|
||||
|
||||
|
|
|
|||
|
|
@ -997,7 +997,7 @@ else
|
|||
AC_MSG_RESULT([no])
|
||||
fi
|
||||
AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h openssl/param_build.h],,, [AC_INCLUDES_DEFAULT])
|
||||
AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex])
|
||||
AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex SSL_CTX_set_tmp_ecdh HMAC_CTX_new EVP_MAC_CTX_new])
|
||||
|
||||
# these check_funcs need -lssl
|
||||
BAKLIBS="$LIBS"
|
||||
|
|
|
|||
|
|
@ -89,6 +89,7 @@
|
|||
#include "util/random.h"
|
||||
#include "util/tube.h"
|
||||
#include "util/net_help.h"
|
||||
#include "util/tsig.h"
|
||||
#include "sldns/keyraw.h"
|
||||
#include "respip/respip.h"
|
||||
#include "iterator/iter_fwd.h"
|
||||
|
|
@ -320,6 +321,17 @@ daemon_init(void)
|
|||
free(daemon);
|
||||
return NULL;
|
||||
}
|
||||
if(!(daemon->env->tsig_key_table = tsig_key_table_create())) {
|
||||
auth_zones_delete(daemon->env->auth_zones);
|
||||
acl_list_delete(daemon->acl_interface);
|
||||
acl_list_delete(daemon->acl);
|
||||
tcl_list_delete(daemon->tcl);
|
||||
edns_known_options_delete(daemon->env);
|
||||
edns_strings_delete(daemon->env->edns_strings);
|
||||
free(daemon->env);
|
||||
free(daemon);
|
||||
return NULL;
|
||||
}
|
||||
return daemon;
|
||||
}
|
||||
|
||||
|
|
@ -771,6 +783,10 @@ daemon_fork(struct daemon* daemon)
|
|||
daemon->use_response_ip = !respip_set_is_empty(
|
||||
daemon->env->respip_set) || have_view_respip_cfg;
|
||||
|
||||
/* setup tsig keys */
|
||||
if(!tsig_key_table_apply_cfg(daemon->env->tsig_key_table, daemon->cfg))
|
||||
fatal_exit("Could not set up TSIG keys");
|
||||
|
||||
/* setup modules */
|
||||
daemon_setup_modules(daemon);
|
||||
|
||||
|
|
@ -944,6 +960,7 @@ daemon_delete(struct daemon* daemon)
|
|||
edns_known_options_delete(daemon->env);
|
||||
edns_strings_delete(daemon->env->edns_strings);
|
||||
auth_zones_delete(daemon->env->auth_zones);
|
||||
tsig_key_table_delete(daemon->env->tsig_key_table);
|
||||
}
|
||||
ub_randfree(daemon->rand);
|
||||
alloc_clear(&daemon->superalloc);
|
||||
|
|
|
|||
|
|
@ -1418,3 +1418,14 @@ remote-control:
|
|||
# rpz-signal-nxdomain-ra: no
|
||||
# for-downstream: no
|
||||
# tags: "example"
|
||||
|
||||
# TSIG keys
|
||||
# tsig-key:
|
||||
# # The key name is sent to the other party, it must be the same
|
||||
# name: "keyname"
|
||||
# # algorithm hmac-md5, or sha1, sha256, sha224, sha384, sha512
|
||||
# algorithm: sha256
|
||||
# # secret material, must be the same as the other party uses.
|
||||
# # base64 encoded random number.
|
||||
# # e.g. from dd if=/dev/random of=/dev/stdout count=1 bs=32 | base64
|
||||
# secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
|
||||
|
|
|
|||
|
|
@ -4935,6 +4935,42 @@ The RPZ zones can be configured in the config file with these settings in the
|
|||
If no tags are specified the policies from this clause will be applied for
|
||||
all clients.
|
||||
|
||||
.. _unbound.conf.tsig-key:
|
||||
|
||||
TSIG Key Options
|
||||
^^^^^^^^^^^^^^^^^
|
||||
|
||||
The **tsig-key:** clauses specify the TSIG keys that are used.
|
||||
There can be multiple **tsig-key:** clauses, with each specifying a
|
||||
different key.
|
||||
Each key has a name, algorithm and secret key material.
|
||||
|
||||
TSIG keys are shared secrets.
|
||||
Both sides of the connection share the secret information.
|
||||
Also they must both use the same name for the key, and same algorithm.
|
||||
|
||||
With ``include: "key.conf"`` it is possible to put the declaration of the key
|
||||
or some lines of it in an external file from the main configuration file.
|
||||
It can also be used without such an include, with it the config statements
|
||||
and key material can be put in separate files.
|
||||
|
||||
|
||||
@@UAHL@unbound.conf.tsig-key@name@@: *"<key name>"*
|
||||
Name of the TSIG key.
|
||||
The key name is transferred in DNS wireformat in the TSIG record, and
|
||||
is used to reference the TSIG key from where it is configured to be used.
|
||||
|
||||
|
||||
@@UAHL@unbound.conf.tsig-key@algorithm@@: *<algorithm name>*
|
||||
Name of the algorithm to use with this TSIG key.
|
||||
This can be md5, sha1, sha224, sha256, sha384 or sha512.
|
||||
|
||||
|
||||
@@UAHL@unbound.conf.tsig-key@secret@@: *"<base64 blob>"*
|
||||
The secret contents is a base64 string.
|
||||
A way to get random base64 bytes is e.g.
|
||||
from ``dd if=/dev/random of=/dev/stdout count=1 bs=32 | base64``
|
||||
|
||||
Memory Control Example
|
||||
----------------------
|
||||
|
||||
|
|
|
|||
|
|
@ -52,6 +52,7 @@
|
|||
#include "util/data/msgreply.h"
|
||||
#include "util/storage/slabhash.h"
|
||||
#include "util/edns.h"
|
||||
#include "util/tsig.h"
|
||||
#include "sldns/sbuffer.h"
|
||||
#include "iterator/iter_fwd.h"
|
||||
#include "iterator/iter_hints.h"
|
||||
|
|
@ -81,6 +82,8 @@ context_finalize(struct ub_ctx* ctx)
|
|||
return UB_INITFAIL;
|
||||
listen_setup_locks();
|
||||
log_edns_known_options(VERB_ALGO, ctx->env);
|
||||
if(!tsig_key_table_apply_cfg(ctx->env->tsig_key_table, cfg))
|
||||
return UB_INITFAIL;
|
||||
ctx->local_zones = local_zones_create();
|
||||
if(!ctx->local_zones)
|
||||
return UB_NOMEM;
|
||||
|
|
|
|||
|
|
@ -59,6 +59,7 @@
|
|||
#include "util/tube.h"
|
||||
#include "util/ub_event.h"
|
||||
#include "util/edns.h"
|
||||
#include "util/tsig.h"
|
||||
#include "services/modstack.h"
|
||||
#include "services/localzone.h"
|
||||
#include "services/cache/infra.h"
|
||||
|
|
@ -168,6 +169,18 @@ static struct ub_ctx* ub_ctx_create_nopipe(void)
|
|||
errno = ENOMEM;
|
||||
return NULL;
|
||||
}
|
||||
ctx->env->tsig_key_table = tsig_key_table_create();
|
||||
if(!ctx->env->tsig_key_table) {
|
||||
auth_zones_delete(ctx->env->auth_zones);
|
||||
edns_known_options_delete(ctx->env);
|
||||
edns_strings_delete(ctx->env->edns_strings);
|
||||
config_delete(ctx->env->cfg);
|
||||
free(ctx->env);
|
||||
ub_randfree(ctx->seed_rnd);
|
||||
free(ctx);
|
||||
errno = ENOMEM;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ctx->env->alloc = &ctx->superalloc;
|
||||
ctx->env->worker = NULL;
|
||||
|
|
@ -388,6 +401,7 @@ ub_ctx_delete(struct ub_ctx* ctx)
|
|||
config_delete(ctx->env->cfg);
|
||||
edns_known_options_delete(ctx->env);
|
||||
edns_strings_delete(ctx->env->edns_strings);
|
||||
tsig_key_table_delete(ctx->env->tsig_key_table);
|
||||
forwards_delete(ctx->env->fwds);
|
||||
hints_delete(ctx->env->hints);
|
||||
auth_zones_delete(ctx->env->auth_zones);
|
||||
|
|
|
|||
|
|
@ -494,6 +494,7 @@ typedef enum sldns_enum_ede_code sldns_ede_code;
|
|||
#define LDNS_TSIG_ERROR_BADMODE 19
|
||||
#define LDNS_TSIG_ERROR_BADNAME 20
|
||||
#define LDNS_TSIG_ERROR_BADALG 21
|
||||
#define LDNS_TSIG_ERROR_BADTRUNC 22
|
||||
|
||||
/** DNS Cookie extended rcode */
|
||||
#define LDNS_EXT_RCODE_BADCOOKIE 23
|
||||
|
|
|
|||
|
|
@ -255,6 +255,7 @@ static sldns_lookup_table sldns_tsig_errors_data[] = {
|
|||
{ LDNS_TSIG_ERROR_BADMODE, "BADMODE" },
|
||||
{ LDNS_TSIG_ERROR_BADNAME, "BADNAME" },
|
||||
{ LDNS_TSIG_ERROR_BADALG, "BADALG" },
|
||||
{ LDNS_TSIG_ERROR_BADTRUNC, "BADTRUNC" },
|
||||
{ 0, NULL }
|
||||
};
|
||||
sldns_lookup_table* sldns_tsig_errors = sldns_tsig_errors_data;
|
||||
|
|
|
|||
|
|
@ -1362,6 +1362,7 @@ main(int argc, char* argv[])
|
|||
#ifdef HAVE_NGTCP2
|
||||
doq_test();
|
||||
#endif /* HAVE_NGTCP2 */
|
||||
tsig_test();
|
||||
if(log_get_lock()) {
|
||||
lock_basic_destroy((lock_basic_type*)log_get_lock());
|
||||
}
|
||||
|
|
|
|||
|
|
@ -88,5 +88,7 @@ void tcpreuse_test(void);
|
|||
void doq_test(void);
|
||||
/** unit test for infra cache functions */
|
||||
void infra_test(void);
|
||||
/** unit test for tsig functions */
|
||||
void tsig_test(void);
|
||||
|
||||
#endif /* TESTCODE_UNITMAIN_H */
|
||||
|
|
|
|||
969
testcode/unittsig.c
Normal file
969
testcode/unittsig.c
Normal file
|
|
@ -0,0 +1,969 @@
|
|||
/*
|
||||
* testcode/unittsig.c - unit test for TSIG signatures.
|
||||
*
|
||||
* Copyright (c) 2025, NLnet Labs. All rights reserved.
|
||||
*
|
||||
* This software is open source.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
*
|
||||
* Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
*
|
||||
* Neither the name of the NLNET LABS nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software without
|
||||
* specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
|
||||
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
*/
|
||||
/**
|
||||
* \file
|
||||
* Unit test for tsig code.
|
||||
*/
|
||||
#include "config.h"
|
||||
#include "util/tsig.h"
|
||||
#include "util/config_file.h"
|
||||
#include "util/net_help.h"
|
||||
#include "testcode/unitmain.h"
|
||||
#include "sldns/parseutil.h"
|
||||
#include "sldns/pkthdr.h"
|
||||
#include "sldns/sbuffer.h"
|
||||
#include "sldns/str2wire.h"
|
||||
#include "sldns/wire2str.h"
|
||||
#include <ctype.h>
|
||||
|
||||
#define xstr(s) str(s)
|
||||
#define str(s) #s
|
||||
#define SRCDIRSTR xstr(SRCDIR)
|
||||
|
||||
/** verbosity for this file, 0 no, 1 print some, 2 print packet dumps */
|
||||
static int vtest = 0;
|
||||
|
||||
/**
|
||||
* Content of the TSIG test files.
|
||||
*
|
||||
* The tsig test files have this syntax. It is made of lines, lines started
|
||||
* with # are a comment. empty lines are ignored.
|
||||
* file-algorithm <name>
|
||||
* The name is like md5, sha1, sha256 and if the algorithm is not
|
||||
* supported at the test run time, the file is skipped, silently.
|
||||
*
|
||||
* tsig-key:
|
||||
* name: "key.name"
|
||||
* algorithm: "hmac-sha256"
|
||||
* secret: "<base64"
|
||||
* the following lines define name:, algorithm: and secret:
|
||||
* and it adds a tsig-key that can be used.
|
||||
* del-key <name>
|
||||
* The tsig key is deleted, from the in-memory key table.
|
||||
*
|
||||
* packet
|
||||
* <hex>
|
||||
* endpacket
|
||||
* A packet in hex dump, on the following lines. Until 'endpacket'.
|
||||
* It can be used to sign or verify.
|
||||
* check-packet
|
||||
* <hex>
|
||||
* endpacket
|
||||
* A packet in hex dump, on the following lines. Until 'endpacket'.
|
||||
* It is compared to the packet buffer, and the test fails if not equal.
|
||||
*
|
||||
* tsig-sign-query <key> <time> <expected result>
|
||||
* It TSIG signs with key name, at timestamp in secs, and the
|
||||
* result of the call is compared with the expected result, and
|
||||
* the test fails if not equal. The result is in the packet buffer.
|
||||
* tsig-verify-query <key> <time> <rcode> <tsigerror> <tsigothertime>
|
||||
* It tsig verifies the packet, looks up key in the key table.
|
||||
* The verification is at timestamp, in secs. The result is checked,
|
||||
* the key with keyname of result, the rcode function result, and
|
||||
* if tsig data is returned, the tsigerror and tsigothertime are
|
||||
* checked if present. If not equal the test fails.
|
||||
* If no tsig data is returned, keyname '.', and 0 and 0 are the
|
||||
* tsigerr and tsigothertime values that are checked.
|
||||
*
|
||||
* tsig-sign-shared <key> <time> <expected result>
|
||||
* Looks up key in key_table and signs a reply with it.
|
||||
* For a shared packet without prior hash of previous packet, since
|
||||
* there is no previous packet. If the result is not the expected
|
||||
* result the test fails.
|
||||
* tsig-verify-shared <key> <time> <expected result>
|
||||
* Looks up key in key_table and verifies a reply with it.
|
||||
* For a shared packet without prior hash of previous packet, since
|
||||
* there is no previous packet. If the result is not the expected
|
||||
* result the test fails.
|
||||
*
|
||||
* tsig-sign-reply <time> <expected rcode> <expected result2>
|
||||
* <hex>
|
||||
* endpacket
|
||||
* The data from previous packet in the buffer is used with
|
||||
* tsig-verify-query. Then the hex data is the reply, it it
|
||||
* used with tsig-sign-reply. The result packet is in the packet
|
||||
* buffer. The expected rcode is the result of the verify,
|
||||
* the expected result2 is the result of the sign. If that differs
|
||||
* the test fails.
|
||||
*
|
||||
*/
|
||||
|
||||
/** Clean up first keyword */
|
||||
static char*
|
||||
get_keyword(char* line)
|
||||
{
|
||||
char* s = line;
|
||||
while(isspace(*s))
|
||||
s++;
|
||||
if(strlen(s)>0 && s[strlen(s)-1] == '\n')
|
||||
s[strlen(s)-1] = 0;
|
||||
return s;
|
||||
}
|
||||
|
||||
/** Get argument from line */
|
||||
static char*
|
||||
get_arg_on_line(char* line, char* keyword)
|
||||
{
|
||||
char* s = line;
|
||||
s += strlen(keyword);
|
||||
while(isspace(*s))
|
||||
s++;
|
||||
return s;
|
||||
}
|
||||
|
||||
/** Get next argument from line */
|
||||
static char*
|
||||
get_next_arg_on_line(char** s)
|
||||
{
|
||||
char* arg;
|
||||
if(!*s)
|
||||
return *s;
|
||||
while(**s && **s == ' ')
|
||||
(*s)++;
|
||||
arg = *s;
|
||||
if(!**s)
|
||||
return arg; /* No arguments */
|
||||
*s = strchr(*s, ' ');
|
||||
if(!*s) {
|
||||
*s = arg+strlen(arg);
|
||||
return arg; /* No further arguments */
|
||||
}
|
||||
if(!**s)
|
||||
return arg;
|
||||
*(*s)++ = 0;
|
||||
while(**s && **s == ' ')
|
||||
(*s)++;
|
||||
return arg;
|
||||
}
|
||||
|
||||
/** See if algorithm is supported for tsig test */
|
||||
static int
|
||||
tsig_algo_test(char* algo)
|
||||
{
|
||||
if(strcmp(algo, "md5") == 0)
|
||||
return 1;
|
||||
if(strcmp(algo, "sha1") == 0)
|
||||
return 1;
|
||||
if(strcmp(algo, "sha224") == 0) {
|
||||
/* The EVP_sha256 test is also used for sha224. */
|
||||
#ifdef HAVE_EVP_SHA256
|
||||
return 1;
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
if(strcmp(algo, "sha256") == 0) {
|
||||
#ifdef HAVE_EVP_SHA256
|
||||
return 1;
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
if(strcmp(algo, "sha384") == 0) {
|
||||
/* The EVP_sha512 test is also used for sha384. */
|
||||
#ifdef HAVE_EVP_SHA512
|
||||
return 1;
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
if(strcmp(algo, "sha512") == 0) {
|
||||
#ifdef HAVE_EVP_SHA512
|
||||
return 1;
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
if(vtest)
|
||||
printf("Unknown tsig test algorithm %s\n", algo);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** Handle the file_algorithm */
|
||||
static void
|
||||
handle_file_algorithm(char* line, int* break_file)
|
||||
{
|
||||
char* algo = get_arg_on_line(line, "file-algorithm");
|
||||
if(!tsig_algo_test(algo)) {
|
||||
if(vtest)
|
||||
printf("algorithm not supported\n");
|
||||
*break_file = 1;
|
||||
return;
|
||||
}
|
||||
if(vtest)
|
||||
printf("algorithm supported\n");
|
||||
}
|
||||
|
||||
/** Removes quotes if any */
|
||||
static char*
|
||||
quote_removal(char* line)
|
||||
{
|
||||
if(line[0] == '"') {
|
||||
char* s = line+1;
|
||||
if(strlen(s)>0 && s[strlen(s)-1] == '"')
|
||||
s[strlen(s)-1] = 0;
|
||||
return s;
|
||||
}
|
||||
return line;
|
||||
}
|
||||
|
||||
/** Handle the tsig-key */
|
||||
static void
|
||||
handle_tsig_key(struct tsig_key_table* key_table, FILE* in, const char* fname)
|
||||
{
|
||||
char line[1024];
|
||||
char* s;
|
||||
char* name = NULL, *algorithm = NULL, *secret = NULL;
|
||||
struct config_tsig_key k;
|
||||
|
||||
while(fgets(line, sizeof(line), in)) {
|
||||
line[sizeof(line)-1]=0;
|
||||
s = get_keyword(line);
|
||||
if(strncmp(s, "name:", 5) == 0) {
|
||||
name = strdup(quote_removal(
|
||||
get_arg_on_line(s, "name:")));
|
||||
if(!name)
|
||||
fatal_exit("out of memory");
|
||||
} else if(strncmp(s, "algorithm:", 10) == 0) {
|
||||
algorithm = strdup(quote_removal(
|
||||
get_arg_on_line(s, "algorithm:")));
|
||||
if(!algorithm)
|
||||
fatal_exit("out of memory");
|
||||
} else if(strncmp(s, "secret:", 7) == 0) {
|
||||
secret = strdup(quote_removal(
|
||||
get_arg_on_line(s, "secret:")));
|
||||
if(!secret)
|
||||
fatal_exit("out of memory");
|
||||
} else {
|
||||
fatal_exit("unknown tsig-key element %s: %s",
|
||||
fname, s);
|
||||
}
|
||||
|
||||
if(name && algorithm && secret)
|
||||
break;
|
||||
}
|
||||
|
||||
k.next = NULL;
|
||||
k.name = name;
|
||||
k.algorithm = algorithm;
|
||||
k.secret = secret;
|
||||
if(!tsig_key_table_add_key(key_table, &k))
|
||||
fatal_exit("could not tsig_key_table_add_key, out of memory");
|
||||
if(vtest)
|
||||
printf("add key %s %s\n", name, algorithm);
|
||||
|
||||
free(name);
|
||||
free(algorithm);
|
||||
explicit_bzero(secret, strlen(secret));
|
||||
free(secret);
|
||||
}
|
||||
|
||||
/** Handle the del_key */
|
||||
static void
|
||||
handle_del_key(char* line, struct tsig_key_table* key_table)
|
||||
{
|
||||
char* name = get_arg_on_line(line, "del_key");
|
||||
tsig_key_table_del_key_fromstr(key_table, name);
|
||||
if(vtest)
|
||||
printf("deleted key %s\n", name);
|
||||
}
|
||||
|
||||
/** skip whitespace */
|
||||
static void
|
||||
skip_whites(const char** p)
|
||||
{
|
||||
while(1) {
|
||||
while(isspace((unsigned char)**p))
|
||||
(*p)++;
|
||||
if(**p == ';' || **p == '#') {
|
||||
/* comment, skip until newline */
|
||||
while(**p && **p != '\n')
|
||||
(*p)++;
|
||||
if(**p == '\n')
|
||||
(*p)++;
|
||||
} else return;
|
||||
}
|
||||
}
|
||||
|
||||
/** Read hex part into buffer */
|
||||
static int
|
||||
read_hex_segment(char* s, struct sldns_buffer* buf)
|
||||
{
|
||||
uint8_t val;
|
||||
const char* p = s;
|
||||
while(*p) {
|
||||
skip_whites(&p);
|
||||
if(!*p) break;
|
||||
if(sldns_buffer_position(buf) == sldns_buffer_limit(buf)) {
|
||||
printf("read hex: buffer too small\n");
|
||||
return 0;
|
||||
}
|
||||
if(sldns_hexdigit_to_int(*p) == -1) {
|
||||
printf("read hex: not hex: '%c'\n", *p);
|
||||
return 0;
|
||||
}
|
||||
val = sldns_hexdigit_to_int(*p++) << 4;
|
||||
skip_whites(&p);
|
||||
if(!*p) {
|
||||
printf("read hex: expected another, second, hex digit\n");
|
||||
return 0;
|
||||
}
|
||||
if(sldns_hexdigit_to_int(*p) == -1) {
|
||||
printf("read hex: not hex: '%c'\n", *p);
|
||||
return 0;
|
||||
}
|
||||
val |= sldns_hexdigit_to_int(*p++);
|
||||
sldns_buffer_write_u8(buf, (uint8_t)val);
|
||||
skip_whites(&p);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/** Read hex packet until 'endpacket' */
|
||||
static int
|
||||
read_packet_hex(char* line, struct sldns_buffer* buf, FILE* in,
|
||||
const char* fname)
|
||||
{
|
||||
char l[102400];
|
||||
char* s;
|
||||
sldns_buffer_clear(buf);
|
||||
if(!read_hex_segment(line, buf)) {
|
||||
printf("Could not read hex %s: %s\n", fname, line);
|
||||
return 0;
|
||||
}
|
||||
while(fgets(l, sizeof(l), in)) {
|
||||
l[sizeof(l)-1]=0;
|
||||
s = get_keyword(l);
|
||||
if(strcmp(s, "endpacket") == 0)
|
||||
break;
|
||||
if(!read_hex_segment(s, buf)) {
|
||||
printf("Could not read hex %s: %s\n", fname, s);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
sldns_buffer_flip(buf);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/** Handle the packet */
|
||||
static void
|
||||
handle_packet(char* line, struct sldns_buffer* pkt, FILE* in,
|
||||
const char* fname)
|
||||
{
|
||||
char* arg = get_arg_on_line(line, "packet");
|
||||
if(!read_packet_hex(arg, pkt, in, fname))
|
||||
fatal_exit("Could not read packet");
|
||||
if(vtest >= 2) {
|
||||
char* str = sldns_wire2str_pkt(sldns_buffer_begin(pkt),
|
||||
sldns_buffer_limit(pkt));
|
||||
if(str)
|
||||
printf("packet: %s\n", str);
|
||||
else
|
||||
printf("could not wire2str_pkt\n");
|
||||
free(str);
|
||||
}
|
||||
}
|
||||
|
||||
/** Handle the check-packet */
|
||||
static void
|
||||
handle_check_packet(char* line, struct sldns_buffer* pkt, FILE* in,
|
||||
const char* fname)
|
||||
{
|
||||
char* arg = get_arg_on_line(line, "check-packet");
|
||||
uint8_t data[65536];
|
||||
sldns_buffer check;
|
||||
sldns_buffer_init_frm_data(&check, data, sizeof(data));
|
||||
if(!read_packet_hex(arg, &check, in, fname))
|
||||
fatal_exit("Could not read check-packet");
|
||||
if(vtest >= 2) {
|
||||
char* str = sldns_wire2str_pkt(sldns_buffer_begin(&check),
|
||||
sldns_buffer_limit(&check));
|
||||
if(str)
|
||||
printf("check-packet: %s\n", str);
|
||||
else
|
||||
printf("could not wire2str_pkt\n");
|
||||
free(str);
|
||||
}
|
||||
|
||||
/* Compare the packet */
|
||||
if(vtest && (sldns_buffer_limit(pkt) != sldns_buffer_limit(&check) ||
|
||||
memcmp(sldns_buffer_begin(pkt), sldns_buffer_begin(&check),
|
||||
sldns_buffer_limit(pkt)) != 0)) {
|
||||
printf("The packet and check-packet are different\n");
|
||||
if(sldns_buffer_limit(pkt) != sldns_buffer_limit(&check))
|
||||
printf("Lengths are different %d, %d (check)\n",
|
||||
(int)sldns_buffer_limit(pkt),
|
||||
(int)sldns_buffer_limit(&check));
|
||||
else printf("Lengths are the same %d\n",
|
||||
(int)sldns_buffer_limit(pkt));
|
||||
if(vtest >= 2) {
|
||||
char pkthex[64*1024*2+10], checkhex[64*1024*2+10];
|
||||
char *pktstr, *checkstr;
|
||||
hex_ntop(sldns_buffer_begin(pkt), sldns_buffer_limit(pkt),
|
||||
pkthex, sizeof(pkthex));
|
||||
hex_ntop(sldns_buffer_begin(&check), sldns_buffer_limit(&check),
|
||||
checkhex, sizeof(checkhex));
|
||||
printf(" packet: %s\n", pkthex);
|
||||
printf("check-packet: %s\n", checkhex);
|
||||
pktstr = sldns_wire2str_pkt(sldns_buffer_begin(pkt),
|
||||
sldns_buffer_limit(pkt));
|
||||
checkstr = sldns_wire2str_pkt(
|
||||
sldns_buffer_begin(&check),
|
||||
sldns_buffer_limit(&check));
|
||||
if(pktstr)
|
||||
printf(" packet: %s\n", pktstr);
|
||||
else
|
||||
printf(" packet: could not wire2str\n");
|
||||
if(checkstr)
|
||||
printf("check-packet: %s\n", checkstr);
|
||||
else
|
||||
printf("check-packet: could not wire2str\n");
|
||||
free(pktstr);
|
||||
free(checkstr);
|
||||
}
|
||||
}
|
||||
unit_assert(sldns_buffer_limit(pkt) == sldns_buffer_limit(&check) &&
|
||||
memcmp(sldns_buffer_begin(pkt), sldns_buffer_begin(&check),
|
||||
sldns_buffer_limit(pkt)) == 0);
|
||||
if(vtest)
|
||||
printf("check-packet is equal\n");
|
||||
}
|
||||
|
||||
/** Handle the tsig-sign-query */
|
||||
static void
|
||||
handle_tsig_sign_query(char* line, struct tsig_key_table* key_table,
|
||||
struct sldns_buffer* pkt)
|
||||
{
|
||||
char* arg = get_arg_on_line(line, "tsig-sign-query");
|
||||
char* keyname, *s, *timestr, *expectedstr;
|
||||
int expected_result, ret;
|
||||
uint64_t timepoint;
|
||||
struct tsig_data* tsig;
|
||||
size_t pos;
|
||||
|
||||
s = arg;
|
||||
keyname = get_next_arg_on_line(&s);
|
||||
timestr = get_next_arg_on_line(&s);
|
||||
expectedstr = get_next_arg_on_line(&s);
|
||||
|
||||
timepoint = (uint64_t)atoll(timestr);
|
||||
if(timepoint == 0 && strcmp(timestr, "0") != 0)
|
||||
fatal_exit("expected time argument for %s", timestr);
|
||||
expected_result = atoi(expectedstr);
|
||||
if(expected_result == 0 && strcmp(expectedstr, "0") != 0)
|
||||
fatal_exit("expected int argument for %s", expectedstr);
|
||||
|
||||
if(vtest)
|
||||
printf("tsig-sign-query with %s %d %d\n", keyname,
|
||||
(int)timepoint, expected_result);
|
||||
|
||||
tsig = tsig_create_fromstr(key_table, keyname);
|
||||
if(!tsig)
|
||||
fatal_exit("alloc fail or key not found %s", keyname);
|
||||
|
||||
/* Put position at the end of the packet to sign it. */
|
||||
pos = sldns_buffer_limit(pkt);
|
||||
sldns_buffer_clear(pkt);
|
||||
sldns_buffer_set_position(pkt, pos);
|
||||
|
||||
ret = tsig_sign_query(tsig, pkt, key_table, timepoint);
|
||||
sldns_buffer_flip(pkt);
|
||||
|
||||
if(vtest) {
|
||||
if(ret == expected_result)
|
||||
printf("function ok, %s\n", (ret?"success":"fail"));
|
||||
else
|
||||
printf("function returned %d, expected result %d\n",
|
||||
ret, expected_result);
|
||||
}
|
||||
unit_assert(ret == expected_result);
|
||||
|
||||
tsig_delete(tsig);
|
||||
}
|
||||
|
||||
/** Convert RCODE string to number. */
|
||||
static int
|
||||
str2wire_rcode(const char* str)
|
||||
{
|
||||
sldns_lookup_table *lt = sldns_lookup_by_name(sldns_rcodes, str);
|
||||
if(lt) {
|
||||
return (int)lt->id;
|
||||
} else if(strncmp(str, "RCODE", 5) == 0) {
|
||||
return atoi(str+5);
|
||||
}
|
||||
/* Try as-is, a number. */
|
||||
return atoi(str);
|
||||
}
|
||||
|
||||
/** Convert TSIG error code string to number. */
|
||||
static int
|
||||
str2wire_tsigerror(const char* str)
|
||||
{
|
||||
sldns_lookup_table *lt = sldns_lookup_by_name(sldns_tsig_errors, str);
|
||||
if(lt) {
|
||||
return (int)lt->id;
|
||||
}
|
||||
/* Try as-is, a number. */
|
||||
return atoi(str);
|
||||
}
|
||||
|
||||
/** Print TSIG error code to string */
|
||||
static void
|
||||
wire2str_tsigerror_buf(int tsigerr, char* buf, size_t len)
|
||||
{
|
||||
sldns_lookup_table *lt;
|
||||
lt = sldns_lookup_by_id(sldns_tsig_errors, tsigerr);
|
||||
if(lt && lt->name)
|
||||
snprintf(buf, len, "%s", lt->name);
|
||||
else snprintf(buf, len, "%d", tsigerr);
|
||||
}
|
||||
|
||||
/** Handle the tsig-verify-query */
|
||||
static void
|
||||
handle_tsig_verify_query(char* line, struct tsig_key_table* key_table,
|
||||
struct sldns_buffer* pkt)
|
||||
{
|
||||
char* arg = get_arg_on_line(line, "tsig-verify-query");
|
||||
char* keyname, *s, *timestr, *expected_rcode_str,
|
||||
*expected_tsigerr_str, *expected_other_str;
|
||||
int expected_rcode, expected_tsigerr, ret;
|
||||
uint64_t timepoint, expected_other;
|
||||
struct tsig_data* tsig;
|
||||
char keyname_dname[256];
|
||||
|
||||
s = arg;
|
||||
keyname = get_next_arg_on_line(&s);
|
||||
timestr = get_next_arg_on_line(&s);
|
||||
expected_rcode_str = get_next_arg_on_line(&s);
|
||||
expected_tsigerr_str = get_next_arg_on_line(&s);
|
||||
expected_other_str = get_next_arg_on_line(&s);
|
||||
|
||||
timepoint = (uint64_t)atoll(timestr);
|
||||
if(timepoint == 0 && strcmp(timestr, "0") != 0)
|
||||
fatal_exit("expected time argument for %s", timestr);
|
||||
expected_rcode = str2wire_rcode(expected_rcode_str);
|
||||
if(expected_rcode == 0 && strcmp(expected_rcode_str, "0") != 0 &&
|
||||
strcmp(expected_rcode_str, "NOERROR") != 0 &&
|
||||
strcmp(expected_rcode_str, "RCODE0") != 0)
|
||||
fatal_exit("expected rcode argument for %s", expected_rcode_str);
|
||||
expected_tsigerr = str2wire_tsigerror(expected_tsigerr_str);
|
||||
if(expected_tsigerr == 0 && strcmp(expected_tsigerr_str, "0") != 0 &&
|
||||
strcmp(expected_tsigerr_str, "NOERROR") != 0)
|
||||
fatal_exit("expected tsigerrorcode argument for %s",
|
||||
expected_tsigerr_str);
|
||||
expected_other = (uint64_t)atoll(expected_other_str);
|
||||
if(expected_other == 0 && strcmp(expected_other_str, "0") != 0)
|
||||
fatal_exit("expected int argument for %s", expected_other_str);
|
||||
if(strlen(keyname) > 0 && keyname[strlen(keyname)-1] == '.')
|
||||
snprintf(keyname_dname, sizeof(keyname_dname), "%s", keyname);
|
||||
else snprintf(keyname_dname, sizeof(keyname_dname), "%s.", keyname);
|
||||
|
||||
if(vtest) {
|
||||
char bufrc[16], bufte[16];
|
||||
sldns_wire2str_rcode_buf(expected_rcode, bufrc, sizeof(bufrc));
|
||||
wire2str_tsigerror_buf(expected_tsigerr, bufte, sizeof(bufte));
|
||||
printf("tsig-verify-query with %s %d %s %s %llu\n", keyname,
|
||||
(int)timepoint, bufrc, bufte,
|
||||
(unsigned long long)expected_other);
|
||||
}
|
||||
|
||||
/* Put position before TSIG */
|
||||
if(!tsig_find_rr(pkt)) {
|
||||
if(vtest)
|
||||
printf("tsig-verify-query found no TSIG RR\n");
|
||||
unit_assert(0);
|
||||
return;
|
||||
}
|
||||
ret = tsig_parse_verify_query(key_table, pkt, &tsig, NULL, timepoint);
|
||||
|
||||
if(vtest) {
|
||||
char bufrc[16], bufte[16], retrc[16], rette[16];
|
||||
sldns_wire2str_rcode_buf(expected_rcode, bufrc, sizeof(bufrc));
|
||||
wire2str_tsigerror_buf(expected_tsigerr, bufte, sizeof(bufte));
|
||||
sldns_wire2str_rcode_buf(ret, retrc, sizeof(retrc));
|
||||
if(tsig)
|
||||
wire2str_tsigerror_buf(tsig->error, rette, sizeof(rette));
|
||||
else snprintf(rette, sizeof(rette), "none");
|
||||
if(ret == expected_rcode)
|
||||
printf("function ok, rcode %s\n", retrc);
|
||||
else
|
||||
printf("function returned %s, expected result %s\n",
|
||||
retrc, bufrc);
|
||||
if(tsig) {
|
||||
char keynm[256];
|
||||
if(tsig->error == expected_tsigerr)
|
||||
printf("tsig error ok, it is %s\n", bufte);
|
||||
else printf("tsig error %s, expected %s\n", rette,
|
||||
bufte);
|
||||
if(tsig->other_len == 6) {
|
||||
if(tsig->other_time == expected_other)
|
||||
printf("othererrortime ok, it is %llu\n",
|
||||
(unsigned long long)expected_other);
|
||||
else printf("othererrortime %llu, expected %llu\n",
|
||||
(unsigned long long)tsig->other_time,
|
||||
(unsigned long long)expected_other);
|
||||
} else {
|
||||
if(0 == expected_other)
|
||||
printf("othererrortime ok, none\n");
|
||||
else printf("othererrortime none, expected %llu\n",
|
||||
(unsigned long long)expected_other);
|
||||
}
|
||||
sldns_wire2str_dname_buf(tsig->key_name,
|
||||
tsig->key_name_len, keynm, sizeof(keynm));
|
||||
if(strcmp(keynm, keyname_dname) != 0)
|
||||
printf("tsig key is %s, expected %s\n",
|
||||
keynm, keyname_dname);
|
||||
} else {
|
||||
if(expected_tsigerr != 0 || expected_other != 0 ||
|
||||
strcmp(keyname_dname, ".") != 0) {
|
||||
printf("no tsig data returned, but expected it\n");
|
||||
}
|
||||
}
|
||||
}
|
||||
unit_assert(ret == expected_rcode);
|
||||
if(tsig) {
|
||||
char keynm[256];
|
||||
unit_assert(tsig->error == expected_tsigerr);
|
||||
if(tsig->other_len == 6) {
|
||||
unit_assert(tsig->other_time == (uint64_t)expected_other);
|
||||
} else {
|
||||
unit_assert(0 == expected_other);
|
||||
}
|
||||
sldns_wire2str_dname_buf(tsig->key_name, tsig->key_name_len,
|
||||
keynm, sizeof(keynm));
|
||||
unit_assert(strcmp(keynm, keyname_dname) == 0);
|
||||
} else {
|
||||
unit_assert(0 == expected_tsigerr);
|
||||
unit_assert(0 == expected_other);
|
||||
unit_assert(strcmp(keyname_dname, ".") == 0);
|
||||
}
|
||||
|
||||
tsig_delete(tsig);
|
||||
}
|
||||
|
||||
/** Handle the tsig-sign-shared */
|
||||
static void
|
||||
handle_tsig_sign_shared(char* line, struct tsig_key_table* key_table,
|
||||
struct sldns_buffer* pkt)
|
||||
{
|
||||
char* arg = get_arg_on_line(line, "tsig-sign-shared");
|
||||
char* keyname, *s, *timestr, *expectedstr;
|
||||
int expected_result, ret;
|
||||
uint64_t timepoint;
|
||||
struct tsig_key* key;
|
||||
size_t pos;
|
||||
uint8_t keynm[256];
|
||||
size_t keynm_len;
|
||||
|
||||
s = arg;
|
||||
keyname = get_next_arg_on_line(&s);
|
||||
timestr = get_next_arg_on_line(&s);
|
||||
expectedstr = get_next_arg_on_line(&s);
|
||||
|
||||
timepoint = (uint64_t)atoll(timestr);
|
||||
if(timepoint == 0 && strcmp(timestr, "0") != 0)
|
||||
fatal_exit("expected time argument for %s", timestr);
|
||||
expected_result = atoi(expectedstr);
|
||||
if(expected_result == 0 && strcmp(expectedstr, "0") != 0)
|
||||
fatal_exit("expected int argument for %s", expectedstr);
|
||||
|
||||
if(vtest)
|
||||
printf("tsig-sign-shared with %s %d %d\n", keyname,
|
||||
(int)timepoint, expected_result);
|
||||
|
||||
keynm_len = sizeof(keynm);
|
||||
if(sldns_str2wire_dname_buf(keyname, keynm, &keynm_len) != 0)
|
||||
fatal_exit("could not parse '%s'", keyname);
|
||||
key = tsig_key_table_search(key_table, keynm, keynm_len);
|
||||
if(!key)
|
||||
fatal_exit("key not found %s", keyname);
|
||||
|
||||
/* Put position at the end of the packet to sign it. */
|
||||
pos = sldns_buffer_limit(pkt);
|
||||
sldns_buffer_clear(pkt);
|
||||
sldns_buffer_set_position(pkt, pos);
|
||||
|
||||
ret = tsig_sign_shared(pkt, key->name, key->algo->wireformat_name,
|
||||
key->data, key->data_len, timepoint);
|
||||
sldns_buffer_flip(pkt);
|
||||
|
||||
if(vtest) {
|
||||
if(ret == expected_result)
|
||||
printf("function ok, ret %d\n", ret);
|
||||
else
|
||||
printf("function returned %d, expected result %d\n",
|
||||
ret, expected_result);
|
||||
}
|
||||
unit_assert(ret == expected_result);
|
||||
}
|
||||
|
||||
/** Handle the tsig-verify-shared */
|
||||
static void
|
||||
handle_tsig_verify_shared(char* line, struct tsig_key_table* key_table,
|
||||
struct sldns_buffer* pkt)
|
||||
{
|
||||
char* arg = get_arg_on_line(line, "tsig-verify-shared");
|
||||
char* keyname, *s, *timestr, *expectedstr;
|
||||
int expected_result, ret;
|
||||
uint64_t timepoint;
|
||||
struct tsig_key* key;
|
||||
uint8_t keynm[256];
|
||||
size_t keynm_len, pos;
|
||||
|
||||
s = arg;
|
||||
keyname = get_next_arg_on_line(&s);
|
||||
timestr = get_next_arg_on_line(&s);
|
||||
expectedstr = get_next_arg_on_line(&s);
|
||||
|
||||
timepoint = (uint64_t)atoll(timestr);
|
||||
if(timepoint == 0 && strcmp(timestr, "0") != 0)
|
||||
fatal_exit("expected time argument for %s", timestr);
|
||||
expected_result = atoi(expectedstr);
|
||||
if(expected_result == 0 && strcmp(expectedstr, "0") != 0)
|
||||
fatal_exit("expected int argument for %s", expectedstr);
|
||||
|
||||
if(vtest)
|
||||
printf("tsig-verify-shared with %s %d %d\n", keyname,
|
||||
(int)timepoint, expected_result);
|
||||
|
||||
keynm_len = sizeof(keynm);
|
||||
if(sldns_str2wire_dname_buf(keyname, keynm, &keynm_len) != 0)
|
||||
fatal_exit("could not parse '%s'", keyname);
|
||||
key = tsig_key_table_search(key_table, keynm, keynm_len);
|
||||
if(!key)
|
||||
fatal_exit("key not found %s", keyname);
|
||||
|
||||
pos = sldns_buffer_limit(pkt);
|
||||
sldns_buffer_clear(pkt);
|
||||
sldns_buffer_set_limit(pkt, pos);
|
||||
|
||||
ret = tsig_verify_shared(pkt, key->name, key->algo->wireformat_name,
|
||||
key->data, key->data_len, timepoint);
|
||||
|
||||
if(vtest) {
|
||||
if(ret == expected_result)
|
||||
printf("function ok, ret %d\n", ret);
|
||||
else
|
||||
printf("function returned %d, expected result %d\n",
|
||||
ret, expected_result);
|
||||
}
|
||||
unit_assert(ret == expected_result);
|
||||
}
|
||||
|
||||
/** Handle the tsig-sign-reply */
|
||||
static void
|
||||
handle_tsig_sign_reply(char* line, FILE* in, const char* fname,
|
||||
struct tsig_key_table* key_table, struct sldns_buffer* pkt)
|
||||
{
|
||||
char* arg = get_arg_on_line(line, "tsig-sign-reply");
|
||||
char* s, *timestr, *expected_rcode_str, *expectedstr2;
|
||||
int expected_rcode, expected_result2, ret;
|
||||
uint64_t timepoint;
|
||||
struct tsig_data* tsig;
|
||||
size_t pos;
|
||||
uint8_t buf[65536];
|
||||
sldns_buffer reply_pkt;
|
||||
|
||||
s = arg;
|
||||
timestr = get_next_arg_on_line(&s);
|
||||
expected_rcode_str = get_next_arg_on_line(&s);
|
||||
expectedstr2 = get_next_arg_on_line(&s);
|
||||
|
||||
timepoint = (uint64_t)atoll(timestr);
|
||||
if(timepoint == 0 && strcmp(timestr, "0") != 0)
|
||||
fatal_exit("expected time argument for %s", timestr);
|
||||
expected_rcode = str2wire_rcode(expected_rcode_str);
|
||||
if(expected_rcode == 0 && strcmp(expected_rcode_str, "0") != 0 &&
|
||||
strcmp(expected_rcode_str, "NOERROR") != 0 &&
|
||||
strcmp(expected_rcode_str, "RCODE0") != 0)
|
||||
fatal_exit("expected rcode argument for %s", expected_rcode_str);
|
||||
expected_result2 = atoi(expectedstr2);
|
||||
if(expected_result2 == 0 && strcmp(expectedstr2, "0") != 0)
|
||||
fatal_exit("expected int argument for %s", expectedstr2);
|
||||
|
||||
sldns_buffer_init_frm_data(&reply_pkt, buf, sizeof(buf));
|
||||
if(!read_packet_hex("", &reply_pkt, in, fname))
|
||||
fatal_exit("Could not read reply packet");
|
||||
if(vtest >= 2) {
|
||||
char* str = sldns_wire2str_pkt(sldns_buffer_begin(&reply_pkt),
|
||||
sldns_buffer_limit(&reply_pkt));
|
||||
if(str)
|
||||
printf("reply packet: %s\n", str);
|
||||
else
|
||||
printf("could not wire2str_pkt\n");
|
||||
free(str);
|
||||
}
|
||||
|
||||
if(vtest) {
|
||||
char bufrc[16];
|
||||
sldns_wire2str_rcode_buf(expected_rcode, bufrc, sizeof(bufrc));
|
||||
printf("tsig-sign-reply with %d %s %d\n", (int)timepoint,
|
||||
bufrc, expected_result2);
|
||||
}
|
||||
|
||||
/* Verify the query in the packet buffer. Use that TSIG to sign
|
||||
* a reply. */
|
||||
if(!tsig_find_rr(pkt)) {
|
||||
if(vtest)
|
||||
printf("tsig-verify-query found no TSIG RR\n");
|
||||
unit_assert(0);
|
||||
return;
|
||||
}
|
||||
ret = tsig_parse_verify_query(key_table, pkt, &tsig, NULL, timepoint);
|
||||
if(vtest) {
|
||||
char bufrc[16];
|
||||
sldns_wire2str_rcode_buf(expected_rcode, bufrc, sizeof(bufrc));
|
||||
if(ret == expected_rcode)
|
||||
printf("verify ok, ret %s\n", bufrc);
|
||||
else
|
||||
printf("verify returned %d, expected result %d %s\n",
|
||||
ret, expected_rcode, bufrc);
|
||||
}
|
||||
unit_assert(ret == expected_rcode);
|
||||
|
||||
/* Put position at the end of the packet to sign it. */
|
||||
pos = sldns_buffer_limit(&reply_pkt);
|
||||
sldns_buffer_clear(&reply_pkt);
|
||||
sldns_buffer_set_position(&reply_pkt, pos);
|
||||
if(ret != 0) {
|
||||
/* There was an error, set the rcode for it */
|
||||
LDNS_RCODE_SET(sldns_buffer_begin(&reply_pkt), ret);
|
||||
}
|
||||
|
||||
ret = tsig_sign_reply(tsig, &reply_pkt, key_table, timepoint);
|
||||
sldns_buffer_flip(pkt);
|
||||
|
||||
if(vtest) {
|
||||
if(ret == expected_result2)
|
||||
printf("function ok, %s\n", (ret?"success":"fail"));
|
||||
else
|
||||
printf("function returned %d, expected result %d\n",
|
||||
ret, expected_result2);
|
||||
}
|
||||
unit_assert(ret == expected_result2);
|
||||
|
||||
tsig_delete(tsig);
|
||||
sldns_buffer_flip(&reply_pkt);
|
||||
sldns_buffer_copy(pkt, &reply_pkt);
|
||||
}
|
||||
|
||||
/** Handle one line from the TSIG test file */
|
||||
static void
|
||||
handle_line(char* line, struct tsig_key_table* key_table,
|
||||
struct sldns_buffer* pkt, FILE* in, const char* fname,
|
||||
int* break_file)
|
||||
{
|
||||
char* s = get_keyword(line);
|
||||
if(vtest)
|
||||
printf("line: %s\n", s);
|
||||
if(strncmp(s, "file-algorithm", 14) == 0) {
|
||||
handle_file_algorithm(s, break_file);
|
||||
} else if(strcmp(s, "tsig-key:") == 0) {
|
||||
handle_tsig_key(key_table, in, fname);
|
||||
} else if(strncmp(s, "delkey", 6) == 0) {
|
||||
handle_del_key(s, key_table);
|
||||
} else if(strncmp(s, "packet", 6) == 0) {
|
||||
handle_packet(s, pkt, in, fname);
|
||||
} else if(strncmp(s, "check-packet", 12) == 0) {
|
||||
handle_check_packet(s, pkt, in, fname);
|
||||
} else if(strncmp(s, "tsig-sign-query", 15) == 0) {
|
||||
handle_tsig_sign_query(s, key_table, pkt);
|
||||
} else if(strncmp(s, "tsig-verify-query", 17) == 0) {
|
||||
handle_tsig_verify_query(s, key_table, pkt);
|
||||
} else if(strncmp(s, "tsig-sign-shared", 16) == 0) {
|
||||
handle_tsig_sign_shared(s, key_table, pkt);
|
||||
} else if(strncmp(s, "tsig-verify-shared", 18) == 0) {
|
||||
handle_tsig_verify_shared(s, key_table, pkt);
|
||||
} else if(strncmp(s, "tsig-sign-reply", 15) == 0) {
|
||||
handle_tsig_sign_reply(s, in,fname, key_table, pkt);
|
||||
} else if(strncmp(s, "#", 1) == 0) {
|
||||
/* skip comment */
|
||||
} else if(strcmp(s, "") == 0) {
|
||||
/* skip empty lines */
|
||||
} else {
|
||||
fatal_exit("Unknown tsig line %s: %s", fname, s);
|
||||
}
|
||||
(void)pkt;
|
||||
}
|
||||
|
||||
/** test tsig */
|
||||
static void
|
||||
tsig_test_one(const char* fname)
|
||||
{
|
||||
struct tsig_key_table* key_table;
|
||||
sldns_buffer* pkt;
|
||||
FILE* in;
|
||||
char line[1024];
|
||||
int break_file = 0;
|
||||
|
||||
unit_show_func("tsig", fname);
|
||||
key_table = tsig_key_table_create();
|
||||
if(!key_table)
|
||||
fatal_exit("out of memory");
|
||||
pkt = sldns_buffer_new(65536);
|
||||
if(!pkt)
|
||||
fatal_exit("out of memory");
|
||||
sldns_buffer_flip(pkt); /* start with empty buffer */
|
||||
in = fopen(fname, "r");
|
||||
if(!in)
|
||||
fatal_exit("could not open %s: %s", fname, strerror(errno));
|
||||
|
||||
while(fgets(line, sizeof(line), in)) {
|
||||
line[sizeof(line)-1]=0;
|
||||
handle_line(line, key_table, pkt, in, fname, &break_file);
|
||||
if(break_file)
|
||||
break;
|
||||
}
|
||||
if(ferror(in))
|
||||
fatal_exit("error read %s: %s", fname, strerror(errno));
|
||||
|
||||
tsig_key_table_delete(key_table);
|
||||
sldns_buffer_free(pkt);
|
||||
fclose(in);
|
||||
}
|
||||
|
||||
/** test tsig code */
|
||||
void
|
||||
tsig_test(void)
|
||||
{
|
||||
unit_show_feature("tsig");
|
||||
tsig_test_one(SRCDIRSTR "/testdata/tsig_test.1");
|
||||
tsig_test_one(SRCDIRSTR "/testdata/tsig_test.2");
|
||||
tsig_test_one(SRCDIRSTR "/testdata/tsig_test.3");
|
||||
tsig_test_one(SRCDIRSTR "/testdata/tsig_test.4");
|
||||
tsig_test_one(SRCDIRSTR "/testdata/tsig_test.5");
|
||||
tsig_test_one(SRCDIRSTR "/testdata/tsig_test.6");
|
||||
}
|
||||
165
testdata/tsig_test.1
vendored
Normal file
165
testdata/tsig_test.1
vendored
Normal file
|
|
@ -0,0 +1,165 @@
|
|||
# Test with algorithm MD5
|
||||
file-algorithm md5
|
||||
|
||||
tsig-key:
|
||||
name: "test.key"
|
||||
algorithm: md5
|
||||
secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
|
||||
|
||||
packet
|
||||
# www.example.net. IN TXT
|
||||
3a03010000010000000000000377777707657861
|
||||
6d706c65036e65740000100001
|
||||
endpacket
|
||||
|
||||
# check with the same contents
|
||||
check-packet
|
||||
3a03010000010000000000000377777707657861
|
||||
6d706c65036e65740000100001
|
||||
endpacket
|
||||
|
||||
# sign the query with <key> <timepoint> <expected function ret>
|
||||
tsig-sign-query test.key 1750411954 1
|
||||
|
||||
check-packet
|
||||
3a03010000010000000000010377777707657861
|
||||
6d706c65036e657400001000010474657374036b
|
||||
65790000fa00ff00000000003a08686d61632d6d
|
||||
6435077369672d616c670372656703696e740000
|
||||
0068552ab2012c0010d4a4778ce91160dc5dfd85
|
||||
7e66f57bda3a0300000000
|
||||
endpacket
|
||||
|
||||
# www.example.net A
|
||||
packet
|
||||
e707002000010000000000010377777707657861
|
||||
6d706c65036e6574000001000100002910000000
|
||||
00000000
|
||||
endpacket
|
||||
|
||||
tsig-sign-query test.key 1750419725 1
|
||||
|
||||
check-packet
|
||||
e707002000010000000000020377777707657861
|
||||
6d706c65036e6574000001000100002910000000
|
||||
000000000474657374036b65790000fa00ff0000
|
||||
0000003a08686d61632d6d6435077369672d616c
|
||||
670372656703696e740000006855490d012c0010
|
||||
c00e00f1bafa240f41ee9cbe507b9802e7070000
|
||||
0000
|
||||
endpacket
|
||||
|
||||
tsig-verify-query test.key 1750419725 NOERROR NOERROR 0
|
||||
|
||||
# add some fudge to the time
|
||||
packet
|
||||
e707002000010000000000020377777707657861
|
||||
6d706c65036e6574000001000100002910000000
|
||||
000000000474657374036b65790000fa00ff0000
|
||||
0000003a08686d61632d6d6435077369672d616c
|
||||
670372656703696e740000006855490d012c0010
|
||||
c00e00f1bafa240f41ee9cbe507b9802e7070000
|
||||
0000
|
||||
endpacket
|
||||
|
||||
tsig-verify-query test.key 1750419730 NOERROR NOERROR 0
|
||||
|
||||
# purposely make a bad digest
|
||||
# changed 'www' (0x777777) to 'aaa' (0x616161)
|
||||
packet
|
||||
e707002000010000000000020361616107657861
|
||||
6d706c65036e6574000001000100002910000000
|
||||
000000000474657374036b65790000fa00ff0000
|
||||
0000003a08686d61632d6d6435077369672d616c
|
||||
670372656703696e740000006855490d012c0010
|
||||
c00e00f1bafa240f41ee9cbe507b9802e7070000
|
||||
0000
|
||||
endpacket
|
||||
|
||||
tsig-verify-query test.key 1750419725 NOTAUTH BADSIG 0
|
||||
|
||||
# the wrong time is used, outside of the fudge region
|
||||
packet
|
||||
e707002000010000000000020377777707657861
|
||||
6d706c65036e6574000001000100002910000000
|
||||
000000000474657374036b65790000fa00ff0000
|
||||
0000003a08686d61632d6d6435077369672d616c
|
||||
670372656703696e740000006855490d012c0010
|
||||
c00e00f1bafa240f41ee9cbe507b9802e7070000
|
||||
0000
|
||||
endpacket
|
||||
|
||||
tsig-verify-query test.key 1750819725 NOTAUTH BADTIME 1750819725
|
||||
|
||||
# An unknown key is used, 2222.key
|
||||
packet
|
||||
e707002000010000000000020377777707657861
|
||||
6d706c65036e6574000001000100002910000000
|
||||
000000000432323232036b65790000fa00ff0000
|
||||
0000003a08686d61632d6d6435077369672d616c
|
||||
670372656703696e740000006855490d012c0010
|
||||
c00e00f1bafa240f41ee9cbe507b9802e7070000
|
||||
0000
|
||||
endpacket
|
||||
|
||||
tsig-verify-query 2222.key 1750419725 NOTAUTH BADKEY 0
|
||||
|
||||
# An unknown algorithm is used, hmac-UNK, 554e4b
|
||||
packet
|
||||
e707002000010000000000020377777707657861
|
||||
6d706c65036e6574000001000100002910000000
|
||||
000000000474657374036b65790000fa00ff0000
|
||||
0000003a08686d61632d554e4b077369672d616c
|
||||
670372656703696e740000006855490d012c0010
|
||||
c00e00f1bafa240f41ee9cbe507b9802e7070000
|
||||
0000
|
||||
endpacket
|
||||
|
||||
tsig-verify-query test.key 1750419725 NOTAUTH BADKEY 0
|
||||
|
||||
# truncated hash
|
||||
packet
|
||||
e707002000010000000000020377777707657861
|
||||
6d706c65036e6574000001000100002910000000
|
||||
000000000474657374036b65790000fa00ff0000
|
||||
0000003408686d61632d6d6435077369672d616c
|
||||
670372656703696e740000006855490d012c000a
|
||||
c00e00f1bafa240f41eee7070000
|
||||
0000
|
||||
endpacket
|
||||
|
||||
tsig-verify-query test.key 1750419725 NOTAUTH BADTRUNC 0
|
||||
|
||||
# TSIG does not parse, removed bytes from the end.
|
||||
packet
|
||||
e707002000010000000000020377777707657861
|
||||
6d706c65036e6574000001000100002910000000
|
||||
000000000474657374036b65790000fa00ff0000
|
||||
0000003a08686d61632d6d6435077369672d616c
|
||||
670372656703696e740000006855490d012c0010
|
||||
c00e00f1bafa240f41ee9cbe507b9802
|
||||
endpacket
|
||||
|
||||
tsig-verify-query . 1750419725 FORMERR NOERROR 0
|
||||
|
||||
# www.example.net A
|
||||
packet
|
||||
e707002000010000000000020377777707657861
|
||||
6d706c65036e6574000001000100002910000000
|
||||
000000000474657374036b65790000fa00ff0000
|
||||
0000003a08686d61632d6d6435077369672d616c
|
||||
670372656703696e740000006855490d012c0010
|
||||
c00e00f1bafa240f41ee9cbe507b9802e7070000
|
||||
0000
|
||||
endpacket
|
||||
|
||||
tsig-sign-reply 1750419725 NOERROR 1
|
||||
e707840000010001000000010377777707657861
|
||||
6d706c65036e65740000010001c00c0001000100
|
||||
000e1000040a141e2800002904d0000000000000
|
||||
endpacket
|
||||
|
||||
# reply for www.example.net A
|
||||
check-packet
|
||||
e7078400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000003a08686d61632d6d6435077369672d616c670372656703696e740000006855490d012c0010dc3c138476fcb04cc138aa5c59647b86e70700000000
|
||||
endpacket
|
||||
48
testdata/tsig_test.2
vendored
Normal file
48
testdata/tsig_test.2
vendored
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
# Test with algorithm
|
||||
file-algorithm sha1
|
||||
|
||||
tsig-key:
|
||||
name: "test.key"
|
||||
algorithm: sha1
|
||||
secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
|
||||
|
||||
packet
|
||||
# www.example.net. IN TXT
|
||||
3a03010000010000000000000377777707657861
|
||||
6d706c65036e65740000100001
|
||||
endpacket
|
||||
|
||||
# sign the query with <key> <timepoint> <expected function ret>
|
||||
tsig-sign-query test.key 1750411954 1
|
||||
|
||||
check-packet
|
||||
3a030100000100000000000103777777076578616d706c65036e657400001000010474657374036b65790000fa00ff00000000002f09686d61632d7368613100000068552ab2012c0014ddea549c7a82a0c4309c0894f884adf9dcf7cd2c3a0300000000
|
||||
endpacket
|
||||
|
||||
# www.example.net A
|
||||
packet
|
||||
092d0000000100000000000103777777076578616d706c65036e657400000100010000291000000000000000
|
||||
endpacket
|
||||
|
||||
tsig-sign-query test.key 1750420740 1
|
||||
|
||||
check-packet
|
||||
092d0000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff00000000002f09686d61632d7368613100000068554d04012c0014f493f53a80f43dbd81df4f2feb7064de8247ba0b092d00000000
|
||||
endpacket
|
||||
|
||||
tsig-verify-query test.key 1750420740 NOERROR NOERROR 0
|
||||
|
||||
packet
|
||||
092d0000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff00000000002f09686d61632d7368613100000068554d04012c0014f493f53a80f43dbd81df4f2feb7064de8247ba0b092d00000000
|
||||
endpacket
|
||||
|
||||
tsig-sign-reply 1750420740 NOERROR 1
|
||||
092d840000010001000000010377777707657861
|
||||
6d706c65036e65740000010001c00c0001000100
|
||||
000e1000040a141e2800002904d0000000000000
|
||||
endpacket
|
||||
|
||||
# reply for www.example.net A
|
||||
check-packet
|
||||
092d8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000002f09686d61632d7368613100000068554d04012c001475eace537fd51a9fbf192a10b20bfe824dd20318092d00000000
|
||||
endpacket
|
||||
48
testdata/tsig_test.3
vendored
Normal file
48
testdata/tsig_test.3
vendored
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
# Test with algorithm
|
||||
file-algorithm sha224
|
||||
|
||||
tsig-key:
|
||||
name: "test.key"
|
||||
algorithm: sha224
|
||||
secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
|
||||
|
||||
packet
|
||||
# www.example.net. IN TXT
|
||||
3a03010000010000000000000377777707657861
|
||||
6d706c65036e65740000100001
|
||||
endpacket
|
||||
|
||||
# sign the query with <key> <timepoint> <expected function ret>
|
||||
tsig-sign-query test.key 1750411954 1
|
||||
|
||||
check-packet
|
||||
3a030100000100000000000103777777076578616d706c65036e657400001000010474657374036b65790000fa00ff0000000000390b686d61632d73686132323400000068552ab2012c001c104d12e4ccab950cb7690233661549b027567ea0c8beb868a7c1c4f33a0300000000
|
||||
endpacket
|
||||
|
||||
# www.example.net A
|
||||
packet
|
||||
7e7e0000000100000000000103777777076578616d706c65036e657400000100010000291000000000000000
|
||||
endpacket
|
||||
|
||||
tsig-sign-query test.key 1750421692 1
|
||||
|
||||
check-packet
|
||||
7e7e0000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff0000000000390b686d61632d736861323234000000685550bc012c001c03431f500872691d8780dafe326cdbe56ceaaca1d0ea3e3a262848e77e7e00000000
|
||||
endpacket
|
||||
|
||||
tsig-verify-query test.key 1750421692 NOERROR NOERROR 0
|
||||
|
||||
packet
|
||||
7e7e0000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff0000000000390b686d61632d736861323234000000685550bc012c001c03431f500872691d8780dafe326cdbe56ceaaca1d0ea3e3a262848e77e7e00000000
|
||||
endpacket
|
||||
|
||||
tsig-sign-reply 1750421692 NOERROR 1
|
||||
7e7e840000010001000000010377777707657861
|
||||
6d706c65036e65740000010001c00c0001000100
|
||||
000e1000040a141e2800002904d0000000000000
|
||||
endpacket
|
||||
|
||||
# reply for www.example.net A
|
||||
check-packet
|
||||
7e7e8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff0000000000390b686d61632d736861323234000000685550bc012c001c0fa7ddec264122b5e0c3d1a64ed043c3d68582f0ae2ba2d5b3e186127e7e00000000
|
||||
endpacket
|
||||
60
testdata/tsig_test.4
vendored
Normal file
60
testdata/tsig_test.4
vendored
Normal file
|
|
@ -0,0 +1,60 @@
|
|||
# Test with algorithm
|
||||
file-algorithm sha256
|
||||
|
||||
tsig-key:
|
||||
name: "test.key"
|
||||
algorithm: sha256
|
||||
secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
|
||||
|
||||
packet
|
||||
# www.example.net. IN TXT
|
||||
3a03010000010000000000000377777707657861
|
||||
6d706c65036e65740000100001
|
||||
endpacket
|
||||
|
||||
# sign the query with <key> <timepoint> <expected function ret>
|
||||
tsig-sign-query test.key 1750411954 1
|
||||
|
||||
check-packet
|
||||
3a030100000100000000000103777777076578616d706c65036e657400001000010474657374036b65790000fa00ff00000000003d0b686d61632d73686132353600000068552ab2012c00200c35a60a42461678af59a10fbb1a18dcca69e62d58abdc8be808ab095d4beb403a0300000000
|
||||
endpacket
|
||||
|
||||
# www.example.net A
|
||||
packet
|
||||
c7580000000100000000000103777777076578616d706c65036e657400000100010000291000000000000000
|
||||
endpacket
|
||||
|
||||
tsig-sign-query test.key 1750421767 1
|
||||
|
||||
check-packet
|
||||
c7580000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff00000000003d0b686d61632d73686132353600000068555107012c0020aa49c7e324b075dd057aeaba998ee10b6c72f8573f56d3b42fb2f65ee1e81f76c75800000000
|
||||
endpacket
|
||||
|
||||
tsig-verify-query test.key 1750421767 NOERROR NOERROR 0
|
||||
|
||||
packet
|
||||
c7580000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff00000000003d0b686d61632d73686132353600000068555107012c0020aa49c7e324b075dd057aeaba998ee10b6c72f8573f56d3b42fb2f65ee1e81f76c75800000000
|
||||
endpacket
|
||||
|
||||
tsig-sign-reply 1750421767 NOERROR 1
|
||||
c758840000010001000000010377777707657861
|
||||
6d706c65036e65740000010001c00c0001000100
|
||||
000e1000040a141e2800002904d0000000000000
|
||||
endpacket
|
||||
|
||||
# reply for www.example.net A
|
||||
check-packet
|
||||
c7588400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000003d0b686d61632d73686132353600000068555107012c0020a377c921817d4009a6ab35e7f84aa697751b3a976701e8fb6b843965325bf9bdc75800000000
|
||||
endpacket
|
||||
|
||||
packet
|
||||
c7588400000100010000000103777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d0000000000000
|
||||
endpacket
|
||||
|
||||
tsig-sign-shared test.key 1750411954 0
|
||||
|
||||
check-packet
|
||||
c7588400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000003d0b686d61632d73686132353600000068552ab2012c00206a0e6bb9e1228588a8edd5da1dd611bcd0b4e2dd815e7c5501825ea374b3ebacc75800000000
|
||||
endpacket
|
||||
|
||||
tsig-verify-shared test.key 1750411954 0
|
||||
48
testdata/tsig_test.5
vendored
Normal file
48
testdata/tsig_test.5
vendored
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
# Test with algorithm
|
||||
file-algorithm sha384
|
||||
|
||||
tsig-key:
|
||||
name: "test.key"
|
||||
algorithm: sha384
|
||||
secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
|
||||
|
||||
packet
|
||||
# www.example.net. IN TXT
|
||||
3a03010000010000000000000377777707657861
|
||||
6d706c65036e65740000100001
|
||||
endpacket
|
||||
|
||||
# sign the query with <key> <timepoint> <expected function ret>
|
||||
tsig-sign-query test.key 1750411954 1
|
||||
|
||||
check-packet
|
||||
3a030100000100000000000103777777076578616d706c65036e657400001000010474657374036b65790000fa00ff00000000004d0b686d61632d73686133383400000068552ab2012c00302416b7442f06e5ab2f9814d391c48b73384ab59cccc7de20ecad999a38de62aaa1b61ac0cd3df299bab30776c92322f03a0300000000
|
||||
endpacket
|
||||
|
||||
# www.example.net A
|
||||
packet
|
||||
aafc0000000100000000000103777777076578616d706c65036e657400000100010000291000000000000000
|
||||
endpacket
|
||||
|
||||
tsig-sign-query test.key 1750421817 1
|
||||
|
||||
check-packet
|
||||
aafc0000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff00000000004d0b686d61632d73686133383400000068555139012c00300953f74bcc78dae61e9d93aad74e128dbc240a671de017efd3707235be7890cbf2a51255f5843438fbaa26d04caca506aafc00000000
|
||||
endpacket
|
||||
|
||||
tsig-verify-query test.key 1750421817 NOERROR NOERROR 0
|
||||
|
||||
packet
|
||||
aafc0000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff00000000004d0b686d61632d73686133383400000068555139012c00300953f74bcc78dae61e9d93aad74e128dbc240a671de017efd3707235be7890cbf2a51255f5843438fbaa26d04caca506aafc00000000
|
||||
endpacket
|
||||
|
||||
tsig-sign-reply 1750421817 NOERROR 1
|
||||
aafc840000010001000000010377777707657861
|
||||
6d706c65036e65740000010001c00c0001000100
|
||||
000e1000040a141e2800002904d0000000000000
|
||||
endpacket
|
||||
|
||||
# reply for www.example.net A
|
||||
check-packet
|
||||
aafc8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000004d0b686d61632d73686133383400000068555139012c00301e895712f5633d84e82afd7b1dcdd792c5d51532c7a5f52701c9bd464f0d8f6cc735530d16417e8bf3cf104808554642aafc00000000
|
||||
endpacket
|
||||
48
testdata/tsig_test.6
vendored
Normal file
48
testdata/tsig_test.6
vendored
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
# Test with algorithm
|
||||
file-algorithm sha512
|
||||
|
||||
tsig-key:
|
||||
name: "test.key"
|
||||
algorithm: sha512
|
||||
secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
|
||||
|
||||
packet
|
||||
# www.example.net. IN TXT
|
||||
3a03010000010000000000000377777707657861
|
||||
6d706c65036e65740000100001
|
||||
endpacket
|
||||
|
||||
# sign the query with <key> <timepoint> <expected function ret>
|
||||
tsig-sign-query test.key 1750411954 1
|
||||
|
||||
check-packet
|
||||
3a030100000100000000000103777777076578616d706c65036e657400001000010474657374036b65790000fa00ff00000000005d0b686d61632d73686135313200000068552ab2012c00403cd816538bec85fea4ae45a6fb2e961622a4dfad2afa69da999c53133d02e9f2ba789a14b489678b83ab319662d2388fcc7286bfa11d88e71614c845e77584c43a0300000000
|
||||
endpacket
|
||||
|
||||
# www.example.net A
|
||||
packet
|
||||
e74d0000000100000000000103777777076578616d706c65036e657400000100010000291000000000000000
|
||||
endpacket
|
||||
|
||||
tsig-sign-query test.key 1750421867 1
|
||||
|
||||
check-packet
|
||||
e74d0000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff00000000005d0b686d61632d7368613531320000006855516b012c0040bbc78c7a8019119b79f89f3ed66d874acb3a29bfcd3ac75fce3779d60d41080fe536c03de404a9143314eabce88a0c5eff6204d94d3225cf42327322c8a48acae74d00000000
|
||||
endpacket
|
||||
|
||||
tsig-verify-query test.key 1750421867 NOERROR NOERROR 0
|
||||
|
||||
packet
|
||||
e74d0000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff00000000005d0b686d61632d7368613531320000006855516b012c0040bbc78c7a8019119b79f89f3ed66d874acb3a29bfcd3ac75fce3779d60d41080fe536c03de404a9143314eabce88a0c5eff6204d94d3225cf42327322c8a48acae74d00000000
|
||||
endpacket
|
||||
|
||||
tsig-sign-reply 1750421867 NOERROR 1
|
||||
e74d840000010001000000010377777707657861
|
||||
6d706c65036e65740000010001c00c0001000100
|
||||
000e1000040a141e2800002904d0000000000000
|
||||
endpacket
|
||||
|
||||
# reply for www.example.net A
|
||||
check-packet
|
||||
e74d8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000005d0b686d61632d7368613531320000006855516b012c0040690c00d5e01a382b7a4c07739e0faab1a3c98f5bae1b49213032b7da070c4b985056894e1ebc88468d5d070d0589ea8032fb88f3a1902fa91211d2b4989bbb93e74d00000000
|
||||
endpacket
|
||||
|
|
@ -224,6 +224,7 @@ config_create(void)
|
|||
cfg->stubs = NULL;
|
||||
cfg->forwards = NULL;
|
||||
cfg->auths = NULL;
|
||||
cfg->tsig_keys = NULL;
|
||||
#ifdef CLIENT_SUBNET
|
||||
cfg->client_subnet = NULL;
|
||||
cfg->client_subnet_zone = NULL;
|
||||
|
|
@ -930,7 +931,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||
* max-client-subnet-ipv4, max-client-subnet-ipv6,
|
||||
* min-client-subnet-ipv4, min-client-subnet-ipv6,
|
||||
* max-ecs-tree-size-ipv4, max-ecs-tree-size-ipv6, ipsecmod_hook,
|
||||
* ipsecmod_whitelist. */
|
||||
* ipsecmod_whitelist, tsig-key. */
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
|
|
@ -1436,6 +1437,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||
* local-data-ptr - converted to local-data entries
|
||||
* stub-zone, name, stub-addr, stub-host, stub-prime
|
||||
* forward-zone, name, forward-addr, forward-host
|
||||
* tsig-key
|
||||
*/
|
||||
else return 0;
|
||||
return 1;
|
||||
|
|
@ -1707,6 +1709,27 @@ config_delviews(struct config_view* p)
|
|||
}
|
||||
}
|
||||
|
||||
void
|
||||
config_deltsig_key(struct config_tsig_key* p)
|
||||
{
|
||||
if(!p) return;
|
||||
free(p->name);
|
||||
free(p->algorithm);
|
||||
free(p->secret);
|
||||
free(p);
|
||||
}
|
||||
|
||||
void
|
||||
config_deltsig_keys(struct config_tsig_key* p)
|
||||
{
|
||||
struct config_tsig_key* np;
|
||||
while(p) {
|
||||
np = p->next;
|
||||
config_deltsig_key(p);
|
||||
p = np;
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
config_del_strarray(char** array, int num)
|
||||
{
|
||||
|
|
@ -1762,6 +1785,7 @@ config_delete(struct config_file* cfg)
|
|||
config_delstubs(cfg->forwards);
|
||||
config_delauths(cfg->auths);
|
||||
config_delviews(cfg->views);
|
||||
config_deltsig_keys(cfg->tsig_keys);
|
||||
config_delstrlist(cfg->donotqueryaddrs);
|
||||
config_delstrlist(cfg->root_hints);
|
||||
#ifdef CLIENT_SUBNET
|
||||
|
|
|
|||
|
|
@ -45,6 +45,7 @@
|
|||
struct config_stub;
|
||||
struct config_auth;
|
||||
struct config_view;
|
||||
struct config_tsig_key;
|
||||
struct config_strlist;
|
||||
struct config_str2list;
|
||||
struct config_str3list;
|
||||
|
|
@ -265,6 +266,8 @@ struct config_file {
|
|||
struct config_auth* auths;
|
||||
/** the views definitions, linked list */
|
||||
struct config_view* views;
|
||||
/** the tsig-key definitions, linked list */
|
||||
struct config_tsig_key* tsig_keys;
|
||||
/** list of donotquery addresses, linked list */
|
||||
struct config_strlist* donotqueryaddrs;
|
||||
#ifdef CLIENT_SUBNET
|
||||
|
|
@ -909,6 +912,20 @@ struct config_view {
|
|||
struct config_str2list* respip_data;
|
||||
};
|
||||
|
||||
/**
|
||||
* Tsig-key config options
|
||||
*/
|
||||
struct config_tsig_key {
|
||||
/** next in list */
|
||||
struct config_tsig_key* next;
|
||||
/** name of the tsig key */
|
||||
char* name;
|
||||
/** algorithm */
|
||||
char* algorithm;
|
||||
/** secret date, in base64 */
|
||||
char* secret;
|
||||
};
|
||||
|
||||
/**
|
||||
* List of strings for config options
|
||||
*/
|
||||
|
|
@ -1221,6 +1238,18 @@ void config_delview(struct config_view* p);
|
|||
*/
|
||||
void config_delviews(struct config_view* list);
|
||||
|
||||
/**
|
||||
* Delete a tsig_key item
|
||||
* @param p: tsig_key item
|
||||
*/
|
||||
void config_deltsig_key(struct config_tsig_key* p);
|
||||
|
||||
/**
|
||||
* Delete items in config tsig_key list.
|
||||
* @param list: list.
|
||||
*/
|
||||
void config_deltsig_keys(struct config_tsig_key* list);
|
||||
|
||||
/** check if config for remote control turns on IP-address interface
|
||||
* with certificates or a named pipe without certificates. */
|
||||
int options_remote_is_address(struct config_file* cfg);
|
||||
|
|
|
|||
|
|
@ -607,6 +607,9 @@ proxy-protocol-port{COLON} { YDVAR(1, VAR_PROXY_PROTOCOL_PORT) }
|
|||
iter-scrub-ns{COLON} { YDVAR(1, VAR_ITER_SCRUB_NS) }
|
||||
iter-scrub-cname{COLON} { YDVAR(1, VAR_ITER_SCRUB_CNAME) }
|
||||
max-global-quota{COLON} { YDVAR(1, VAR_MAX_GLOBAL_QUOTA) }
|
||||
tsig-key{COLON} { YDVAR(0, VAR_TSIG_KEY) }
|
||||
algorithm{COLON} { YDVAR(1, VAR_ALGORITHM) }
|
||||
secret{COLON} { YDVAR(1, VAR_SECRET) }
|
||||
<INITIAL,val>{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; }
|
||||
|
||||
/* Quoted strings. Strip leading and ending quotes */
|
||||
|
|
|
|||
|
|
@ -47,7 +47,9 @@
|
|||
#include "util/configyyrename.h"
|
||||
#include "util/config_file.h"
|
||||
#include "util/net_help.h"
|
||||
#include "util/tsig.h"
|
||||
#include "sldns/str2wire.h"
|
||||
#include "sldns/parseutil.h"
|
||||
|
||||
int ub_c_lex(void);
|
||||
void ub_c_error(const char *message);
|
||||
|
|
@ -215,6 +217,7 @@ extern struct config_parser_state* cfg_parser;
|
|||
%token VAR_LOG_DESTADDR VAR_CACHEDB_CHECK_WHEN_SERVE_EXPIRED
|
||||
%token VAR_COOKIE_SECRET_FILE VAR_ITER_SCRUB_NS VAR_ITER_SCRUB_CNAME
|
||||
%token VAR_MAX_GLOBAL_QUOTA VAR_HARDEN_UNVERIFIED_GLUE VAR_LOG_TIME_ISO
|
||||
%token VAR_TSIG_KEY VAR_ALGORITHM VAR_SECRET
|
||||
|
||||
%%
|
||||
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
|
||||
|
|
@ -223,7 +226,7 @@ toplevelvar: serverstart contents_server | stub_clause |
|
|||
rcstart contents_rc | dtstart contents_dt | view_clause |
|
||||
dnscstart contents_dnsc | cachedbstart contents_cachedb |
|
||||
ipsetstart contents_ipset | authstart contents_auth |
|
||||
rpzstart contents_rpz | dynlibstart contents_dl |
|
||||
rpzstart contents_rpz | dynlibstart contents_dl | tsig_key_clause |
|
||||
force_toplevel
|
||||
;
|
||||
force_toplevel: VAR_FORCE_TOPLEVEL
|
||||
|
|
@ -3745,6 +3748,82 @@ dl_file: VAR_DYNLIB_FILE STRING_ARG
|
|||
yyerror("out of memory");
|
||||
}
|
||||
;
|
||||
tsig_key_clause: tsig_key_start contents_tsig_key
|
||||
{
|
||||
/* tsig-key end */
|
||||
if(cfg_parser->cfg->tsig_keys) {
|
||||
if(!cfg_parser->cfg->tsig_keys->name)
|
||||
yyerror("tsig-key without name");
|
||||
else if(!cfg_parser->cfg->tsig_keys->algorithm)
|
||||
ub_c_error_msg("tsig-key %s has no algorithm",
|
||||
cfg_parser->cfg->tsig_keys->name);
|
||||
else if(!cfg_parser->cfg->tsig_keys->secret)
|
||||
ub_c_error_msg("tsig-key %s has no secret blob",
|
||||
cfg_parser->cfg->tsig_keys->name);
|
||||
}
|
||||
}
|
||||
;
|
||||
tsig_key_start: VAR_TSIG_KEY
|
||||
{
|
||||
struct config_tsig_key* s;
|
||||
OUTYY(("\nP(tsig-key:)\n"));
|
||||
cfg_parser->started_toplevel = 1;
|
||||
s = (struct config_tsig_key*)calloc(1,
|
||||
sizeof(struct config_tsig_key));
|
||||
if(s) {
|
||||
s->next = cfg_parser->cfg->tsig_keys;
|
||||
cfg_parser->cfg->tsig_keys = s;
|
||||
} else {
|
||||
yyerror("out of memory");
|
||||
}
|
||||
}
|
||||
;
|
||||
contents_tsig_key: contents_tsig_key content_tsig_key
|
||||
| ;
|
||||
content_tsig_key: tsig_key_name | tsig_key_algorithm | tsig_key_secret
|
||||
;
|
||||
tsig_key_name: VAR_NAME STRING_ARG
|
||||
{
|
||||
uint8_t buf[LDNS_MAX_DOMAINLEN+1];
|
||||
size_t len = sizeof(buf);
|
||||
int r;
|
||||
|
||||
OUTYY(("P(name:%s)\n", $2));
|
||||
free(cfg_parser->cfg->tsig_keys->name);
|
||||
cfg_parser->cfg->tsig_keys->name = $2;
|
||||
|
||||
if((r=sldns_str2wire_dname_buf($2, buf, &len))!=0)
|
||||
ub_c_error_msg("could not parse tsig key name"
|
||||
" '%s':%d: %s", $2, LDNS_WIREPARSE_OFFSET(r),
|
||||
sldns_get_errorstr_parse(r));
|
||||
}
|
||||
tsig_key_algorithm: VAR_ALGORITHM STRING_ARG
|
||||
{
|
||||
OUTYY(("P(algorithm:%s)\n", $2));
|
||||
free(cfg_parser->cfg->tsig_keys->algorithm);
|
||||
cfg_parser->cfg->tsig_keys->algorithm = $2;
|
||||
if(!tsig_algo_check_name($2))
|
||||
ub_c_error_msg("could not parse tsig key algorithm '%s'",
|
||||
$2);
|
||||
}
|
||||
tsig_key_secret: VAR_SECRET STRING_ARG
|
||||
{
|
||||
uint8_t data[16384];
|
||||
int size;
|
||||
|
||||
OUTYY(("P(secret:%s)\n", $2));
|
||||
free(cfg_parser->cfg->tsig_keys->secret);
|
||||
cfg_parser->cfg->tsig_keys->secret = $2;
|
||||
|
||||
size = sldns_b64_pton($2, data, sizeof(data));
|
||||
if(size == -1) {
|
||||
ub_c_error_msg("cannot base64 decode tsig secret %s",
|
||||
cfg_parser->cfg->tsig_keys->name?
|
||||
cfg_parser->cfg->tsig_keys->name:"");
|
||||
} else if(size != 0) {
|
||||
explicit_bzero(data, size);
|
||||
}
|
||||
}
|
||||
server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG
|
||||
{
|
||||
OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2));
|
||||
|
|
|
|||
|
|
@ -97,7 +97,7 @@ dname_valid(uint8_t* dname, size_t maxlen)
|
|||
|
||||
/** compare uncompressed, noncanonical, registers are hints for speed */
|
||||
int
|
||||
query_dname_compare(const register uint8_t* d1, const register uint8_t* d2)
|
||||
query_dname_compare(register const uint8_t* d1, register const uint8_t* d2)
|
||||
{
|
||||
register uint8_t lab1, lab2;
|
||||
log_assert(d1 && d2);
|
||||
|
|
|
|||
|
|
@ -72,6 +72,7 @@
|
|||
#include "libunbound/libworker.h"
|
||||
#include "libunbound/context.h"
|
||||
#include "libunbound/worker.h"
|
||||
#include "util/tsig.h"
|
||||
#include "util/tube.h"
|
||||
#include "util/config_file.h"
|
||||
#include "daemon/remote.h"
|
||||
|
|
@ -262,6 +263,7 @@ fptr_whitelist_rbtree_cmp(int (*fptr) (const void *, const void *))
|
|||
else if(fptr == &auth_zone_cmp) return 1;
|
||||
else if(fptr == &auth_data_cmp) return 1;
|
||||
else if(fptr == &auth_xfer_cmp) return 1;
|
||||
else if(fptr == &tsig_key_compare) return 1;
|
||||
#ifdef HAVE_NGTCP2
|
||||
else if(fptr == &doq_conn_cmp) return 1;
|
||||
else if(fptr == &doq_conid_cmp) return 1;
|
||||
|
|
|
|||
|
|
@ -181,6 +181,7 @@ struct views;
|
|||
struct respip_set;
|
||||
struct respip_client_info;
|
||||
struct respip_addr_info;
|
||||
struct tsig_key_table;
|
||||
struct module_stack;
|
||||
|
||||
/** Maximum number of modules in operation */
|
||||
|
|
@ -529,6 +530,8 @@ struct module_env {
|
|||
struct views* views;
|
||||
/** response-ip set with associated actions and tags. */
|
||||
struct respip_set* respip_set;
|
||||
/** the TSIG keys */
|
||||
struct tsig_key_table* tsig_key_table;
|
||||
/** module specific data. indexed by module id. */
|
||||
void* modinfo[MAX_MODULE];
|
||||
|
||||
|
|
|
|||
2018
util/tsig.c
2018
util/tsig.c
File diff suppressed because it is too large
Load diff
398
util/tsig.h
398
util/tsig.h
|
|
@ -1,25 +1,25 @@
|
|||
/*
|
||||
* util/tsig.c - utility functions for TSIG.
|
||||
* util/tsig.h - handle TSIG signatures.
|
||||
*
|
||||
* Copyright (c) 2025, NLnet Labs. All rights reserved.
|
||||
* Copyright (c) 2023, NLnet Labs. All rights reserved.
|
||||
*
|
||||
* This software is open source.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
*
|
||||
* Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
*
|
||||
*
|
||||
* Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
*
|
||||
*
|
||||
* Neither the name of the NLNET LABS nor the names of its contributors may
|
||||
* be used to endorse or promote products derived from this software without
|
||||
* specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
|
|
@ -36,19 +36,385 @@
|
|||
/**
|
||||
* \file
|
||||
*
|
||||
* This file provides functions to create and verify TSIG RRs
|
||||
* This file provides functions to create and verify TSIG RRs.
|
||||
*/
|
||||
|
||||
#ifndef UTIL_TSIG_H
|
||||
#define UTIL_TSIG_H
|
||||
#include "config.h"
|
||||
#include "sldns/sbuffer.h"
|
||||
#include "util/locks.h"
|
||||
#include "util/rbtree.h"
|
||||
struct sldns_buffer;
|
||||
struct config_file;
|
||||
struct config_tsig_key;
|
||||
struct regional;
|
||||
|
||||
/**
|
||||
* Verify pkt with the name (domain name), algorithm and key.
|
||||
* out 0 on success, an error code otherwise.
|
||||
/**
|
||||
* TSIG record, the RR that is in the packet.
|
||||
* The RR Type is TSIG and the RR class is CLASS_ANY. The TTL is 0.
|
||||
*/
|
||||
int tsig_verify(sldns_buffer* pkt, const uint8_t* name, const uint8_t* alg,
|
||||
const uint8_t* secret, size_t secret_len, uint64_t now);
|
||||
struct tsig_record {
|
||||
/** domain name of the RR, the key name. */
|
||||
uint8_t* key_name;
|
||||
/** length of the key_name */
|
||||
size_t key_name_len;
|
||||
/** the position of the TSIG RR in the packet, it is before the owner
|
||||
* name. */
|
||||
size_t tsig_pos;
|
||||
/** the algorithm name, as a domain name. */
|
||||
uint8_t* algorithm_name;
|
||||
/** length of the algorithm_name */
|
||||
size_t algorithm_name_len;
|
||||
/** the signed time, 48bits on the wire */
|
||||
uint64_t signed_time;
|
||||
/** the fudge time */
|
||||
uint16_t fudge_time;
|
||||
/** the mac size, uint16_t on the wire */
|
||||
size_t mac_size;
|
||||
/** the mac data */
|
||||
uint8_t* mac_data;
|
||||
/** the original query id */
|
||||
uint16_t original_query_id;
|
||||
/** the tsig error code */
|
||||
uint16_t error_code;
|
||||
/** length of the other data, uint16_t on the wire */
|
||||
size_t other_size;
|
||||
/** the other data */
|
||||
uint8_t* other_data;
|
||||
/** if the other size is 48bit, the timestamp in it. */
|
||||
uint64_t other_time;
|
||||
};
|
||||
|
||||
#endif
|
||||
/**
|
||||
* TSIG data. This keeps track of the information between packets,
|
||||
* for the TSIG signature, and state, errors, key.
|
||||
*/
|
||||
struct tsig_data {
|
||||
/** The key name, in wireformat */
|
||||
uint8_t* key_name;
|
||||
/** length of the key name */
|
||||
size_t key_name_len;
|
||||
/** The algo name, if the key could not be found. If NULL, it can
|
||||
* be found in the tsig_key algo. */
|
||||
uint8_t* algo_name;
|
||||
/** length of the algo name */
|
||||
size_t algo_name_len;
|
||||
/** mac size */
|
||||
size_t mac_size;
|
||||
/** digest buffer */
|
||||
uint8_t* mac;
|
||||
/** original query ID */
|
||||
uint16_t original_query_id;
|
||||
/** the TSIG class */
|
||||
uint16_t klass;
|
||||
/** the TSIG TTL */
|
||||
uint16_t ttl;
|
||||
/** the time signed, 48bit */
|
||||
uint64_t time_signed;
|
||||
/** fudge amount of time_signed */
|
||||
uint16_t fudge;
|
||||
/** the TSIG error code */
|
||||
uint16_t error;
|
||||
/** other data length, 6 for other_time as failed time. */
|
||||
uint16_t other_len;
|
||||
/** if other len 6, this is 48bit time of error. */
|
||||
uint64_t other_time;
|
||||
};
|
||||
|
||||
/**
|
||||
* TSIG algorithm. This is the HMAC algorithm used for the TSIG mac.
|
||||
*/
|
||||
struct tsig_algorithm {
|
||||
/** Short name of the algorithm, like "hmac-md5" */
|
||||
char* short_name;
|
||||
/**
|
||||
* Full wireformat name of the algorith, such as
|
||||
* "hmac-md5.sig-alg.reg.int."
|
||||
* In canonical format, that is in lowercase.
|
||||
*/
|
||||
uint8_t* wireformat_name;
|
||||
/** length of the wireformat_name */
|
||||
size_t wireformat_name_len;
|
||||
/** digest name, like "md5" */
|
||||
const char* digest;
|
||||
/** the maximum size of the digest from the algorithm, in bytes,
|
||||
* like 16 for MD5, and 20 for SHA1. */
|
||||
size_t max_digest_size;
|
||||
};
|
||||
|
||||
/**
|
||||
* TSIG key. This is used to sign and verify packets.
|
||||
*/
|
||||
struct tsig_key {
|
||||
/** the rbtree node */
|
||||
rbnode_type node;
|
||||
/** name of the key as string */
|
||||
char* name_str;
|
||||
/** the algorithm structure */
|
||||
struct tsig_algorithm* algo;
|
||||
/**
|
||||
* Name of the key, in wireformat.
|
||||
* The key name has to be transferred as a domain name, of the TSIG
|
||||
* RR and thus the key name has to be a wireformat domain name.
|
||||
*/
|
||||
uint8_t* name;
|
||||
/** length of name */
|
||||
size_t name_len;
|
||||
/** the data, with the secret portion of the key. decoded from the
|
||||
* base64 string with the secret. */
|
||||
uint8_t* data;
|
||||
/** the size of the data */
|
||||
size_t data_len;
|
||||
};
|
||||
|
||||
/**
|
||||
* The TSIG key storage. Keys are stored by name.
|
||||
* They are read from config.
|
||||
*/
|
||||
struct tsig_key_table {
|
||||
/* Lock on the tsig key table and all keys. */
|
||||
lock_rw_type lock;
|
||||
/* Tree of tsig keys, by wireformat name. */
|
||||
struct rbtree_type* tree;
|
||||
};
|
||||
|
||||
/**
|
||||
* Create TSIG key table.
|
||||
* @return NULL on alloc failure.
|
||||
*/
|
||||
struct tsig_key_table* tsig_key_table_create(void);
|
||||
|
||||
/**
|
||||
* Delete TSIG key table. And the keys in it.
|
||||
* @param key_table: to delete.
|
||||
*/
|
||||
void tsig_key_table_delete(struct tsig_key_table* key_table);
|
||||
|
||||
/** Add a key to the TSIG key table. */
|
||||
int tsig_key_table_add_key(struct tsig_key_table* key_table,
|
||||
struct config_tsig_key* s);
|
||||
|
||||
/** Delete a key from the TSIG key table. */
|
||||
void tsig_key_table_del_key_fromstr(struct tsig_key_table* key_table,
|
||||
char* name);
|
||||
|
||||
/**
|
||||
* Apply config to the tsig key table.
|
||||
* @param key_table: the tsig key table.
|
||||
* @param cfg: the config to read.
|
||||
* @return false on failure.
|
||||
*/
|
||||
int tsig_key_table_apply_cfg(struct tsig_key_table* key_table,
|
||||
struct config_file* cfg);
|
||||
|
||||
/**
|
||||
* Find key in key table. Caller must hold lock on the table.
|
||||
* @param key_table: the tsig key table.
|
||||
* @param name: name to look for in wireformat.
|
||||
* @param namelen: length of name.
|
||||
* @return the found key or NULL if not found. The item is locked
|
||||
* by the key_table lock.
|
||||
*/
|
||||
struct tsig_key* tsig_key_table_search(struct tsig_key_table* key_table,
|
||||
uint8_t* name, size_t namelen);
|
||||
|
||||
/**
|
||||
* Delete TSIG key.
|
||||
* @param key: to delete
|
||||
*/
|
||||
void tsig_key_delete(struct tsig_key* key);
|
||||
|
||||
/**
|
||||
* See if an algorithm name is in the list of accepted algorithm names.
|
||||
* @param algo_name: string to check
|
||||
* @return 0 on failure.
|
||||
*/
|
||||
int tsig_algo_check_name(const char* algo_name);
|
||||
|
||||
/**
|
||||
* Get the TSIG algorithm for the algorithm name.
|
||||
* @param algo_name: string to find.
|
||||
* @return NULL on failure, tsig algorithm structure.
|
||||
*/
|
||||
struct tsig_algorithm* tsig_algo_find_name(const char* algo_name);
|
||||
|
||||
/**
|
||||
* Get the TSIG algorithm for the algorithm wireformat name.
|
||||
* @param algo: wireformat algorithm name to find.
|
||||
* @return NULL on failure, tsig algorithm structure.
|
||||
*/
|
||||
struct tsig_algorithm* tsig_algo_find_wire(uint8_t* algo);
|
||||
|
||||
/**
|
||||
* Sign pkt with the name (domain name), algorithm and key in Base64.
|
||||
* out 0 on success, -1 on failure.
|
||||
* For a shared packet with contents. This signs a reply packet without
|
||||
* the prior hash, since there is no prior packet.
|
||||
*/
|
||||
int tsig_sign_shared(struct sldns_buffer* pkt, const uint8_t* name,
|
||||
const uint8_t* alg, const uint8_t* secret, size_t secret_len,
|
||||
uint64_t now);
|
||||
|
||||
/**
|
||||
* Verify pkt with the name (domain name), algorithm and key in Base64.
|
||||
* out 0 on success, an error code otherwise.
|
||||
* For a shared packet with contents. This verifies a reply packet without
|
||||
* the prior hash, since there is no prior packet.
|
||||
* out 0 on success, on failure:
|
||||
* -1 for malformed, no tsig RR, or too large for buffer.
|
||||
* >0 rcode with a TSIG error code otherwise.
|
||||
*/
|
||||
int tsig_verify_shared(struct sldns_buffer* pkt, const uint8_t* name,
|
||||
const uint8_t* alg, const uint8_t* secret, size_t secret_len,
|
||||
uint64_t now);
|
||||
|
||||
/** Compare function for the key table keys. */
|
||||
int tsig_key_compare(const void* v1, const void* v2);
|
||||
|
||||
/**
|
||||
* Find tsig key and create new tsig data.
|
||||
* @param key_table: the tsig key table.
|
||||
* @param name: key name in wireformat.
|
||||
* @param namelen: length of name.
|
||||
* @return NULL if not found, or alloc failure.
|
||||
*/
|
||||
struct tsig_data* tsig_create(struct tsig_key_table* key_table,
|
||||
uint8_t* name, size_t namelen);
|
||||
|
||||
/**
|
||||
* Find tsig key and create new tsig data.
|
||||
* @param key_table: the tsig key table.
|
||||
* @param name: key name string.
|
||||
* @return NULL if not found, or alloc failure, or could not parse string.
|
||||
*/
|
||||
struct tsig_data* tsig_create_fromstr(struct tsig_key_table* key_table,
|
||||
char* name);
|
||||
|
||||
/**
|
||||
* Delete tsig data.
|
||||
* @param tsig: the tsig data to delete.
|
||||
*/
|
||||
void tsig_delete(struct tsig_data* tsig);
|
||||
|
||||
/**
|
||||
* Sign a query with TSIG. Appends the TSIG record.
|
||||
* @param tsig: the tsig data, keeps state to verify reply.
|
||||
* @param pkt: query packet. position must be at end of packet.
|
||||
* @param key_table: the tsig key table is used to fetch the key details.
|
||||
* @param now: time to sign the query, the current time.
|
||||
* @return false on failure.
|
||||
*/
|
||||
int tsig_sign_query(struct tsig_data* tsig, struct sldns_buffer* pkt,
|
||||
struct tsig_key_table* key_table, uint64_t now);
|
||||
|
||||
/**
|
||||
* Verify a query with TSIG.
|
||||
* @param tsig: the tsig data, keep state to sign reply.
|
||||
* @param pkt: the query packet.
|
||||
* @param key: the key with algorithm, caller must hold lock.
|
||||
* @param rr: the tsig record parsed from the query.
|
||||
* @param now: time that is used, the current time.
|
||||
* @return rcode with failure for alloc failure or malformed wireformat.
|
||||
* 0 NOERROR is success, if tsig is nonNULL it has either verified
|
||||
* or contains a TSIG error.
|
||||
*/
|
||||
int tsig_verify_query(struct tsig_data* tsig, struct sldns_buffer* pkt,
|
||||
struct tsig_key* key, struct tsig_record* rr, uint64_t now);
|
||||
|
||||
/**
|
||||
* Look up key from TSIG in packet.
|
||||
* @param key_table: the tsig key table.
|
||||
* @param pkt: the packet to look at TSIG.
|
||||
* @param rr: the TSIG record parsed.
|
||||
* @param tsig_ret: the tsig key is returned here. Or it can be NULL, no TSIG.
|
||||
* @param region: if nonNULL used to allocate.
|
||||
* @param key: if the key is in the key_table the key is returned.
|
||||
* On success the key table is locked for the key.
|
||||
* @return fail for alloc failure servfail or wireformat malformed formerr,
|
||||
* success has 0 NOERROR, for no TSIG in packet with tsig returned NULL,
|
||||
* and for key not found with tsig returned with a tsig error in it,
|
||||
* and for key found with tsig returned with tsig in it.
|
||||
* After this call, the return value is the rcode for failure. Then the
|
||||
* tsig, is NULL for no TSIG, or nonNULL, with a TSIG error or content that
|
||||
* can be verified with tsig_verify_query.
|
||||
*/
|
||||
int tsig_lookup_key(struct tsig_key_table* key_table,
|
||||
struct sldns_buffer* pkt, struct tsig_record* rr,
|
||||
struct tsig_data** tsig_ret, struct regional* region,
|
||||
struct tsig_key** key);
|
||||
|
||||
/**
|
||||
* Parse a TSIG from the packet. Current position is just before it.
|
||||
* @param pkt: the packet.
|
||||
* @param rr: data filled in, with pointers to the packet buffer.
|
||||
* The key name can be compressed.
|
||||
* @return 0 if OK, otherwise an RCODE.
|
||||
*/
|
||||
int tsig_parse(struct sldns_buffer* pkt, struct tsig_record* rr);
|
||||
|
||||
/**
|
||||
* Parse and verify the TSIG in query packet.
|
||||
* @param key_table: the tsig key table.
|
||||
* @param pkt: the packet
|
||||
* @param tsig: the tsig key is returned. Or it can be NULL.
|
||||
* @param region: if nonNULL used to allocate.
|
||||
* @param now: time that is used, the current time.
|
||||
* @return rcode with failure for alloc failure or malformed wireformat.
|
||||
* 0 NOERROR is success, if tsig is nonNULL it has either verified
|
||||
* or contains a TSIG error.
|
||||
*/
|
||||
int tsig_parse_verify_query(struct tsig_key_table* key_table,
|
||||
struct sldns_buffer* pkt, struct tsig_data** tsig,
|
||||
struct regional* region, uint64_t now);
|
||||
|
||||
/**
|
||||
* Sign a reply with TSIG. Appends the TSIG record.
|
||||
* @param tsig: the tsig data.
|
||||
* @param pkt: the packet to sign.
|
||||
* @param key_table: the tsig key table is used to fetch the key details.
|
||||
* @param now: time to sign the query, the current time.
|
||||
* @return false on failure.
|
||||
*/
|
||||
int tsig_sign_reply(struct tsig_data* tsig, struct sldns_buffer* pkt,
|
||||
struct tsig_key_table* key_table, uint64_t now);
|
||||
|
||||
/**
|
||||
* Verify a reply with TSIG.
|
||||
* @param tsig: the tsig data.
|
||||
* @param pkt: the reply to verify.
|
||||
* @param key: the key with algorithm, caller must hold lock.
|
||||
* @param rr: the tsig record parsed from the reply.
|
||||
* @param now: time to sign the query, the current time.
|
||||
* @return false on failure, like
|
||||
* alloc failure, wireformat malformed, did not verify.
|
||||
*/
|
||||
int tsig_verify_reply(struct tsig_data* tsig, struct sldns_buffer* pkt,
|
||||
struct tsig_key* key, struct tsig_record* rr, uint64_t now);
|
||||
|
||||
/**
|
||||
* Verify a reply with TSIG.
|
||||
* @param tsig: the tsig data.
|
||||
* @param pkt: the reply to verify.
|
||||
* @param key_table: the tsig key table is used to fetch the key details.
|
||||
* @param now: time to sign the query, the current time.
|
||||
* @return false on failure, like
|
||||
* alloc failure, wireformat malformed, did not verify.
|
||||
*/
|
||||
int tsig_parse_verify_reply(struct tsig_data* tsig, struct sldns_buffer* pkt,
|
||||
struct tsig_key_table* key_table, uint64_t now);
|
||||
|
||||
/**
|
||||
* Calculate reserved space for TSIG.
|
||||
* @param tsig: the tsig data
|
||||
* @return number of bytes to keep reserved for the TSIG added.
|
||||
*/
|
||||
size_t tsig_reserved_space(struct tsig_data* tsig);
|
||||
|
||||
/**
|
||||
* See if the packet has a TSIG record, or not.
|
||||
* @param pkt: the packet.
|
||||
* @return false if malformed or no tsig. If found, the position is
|
||||
* just before the TSIG record. So it can be parsed.
|
||||
*/
|
||||
int tsig_find_rr(struct sldns_buffer* pkt);
|
||||
|
||||
#endif /* UTIL_TSIG_H */
|
||||
|
|
|
|||
Loading…
Reference in a new issue