author | Jakob Schlyter <jakob@cvs.openbsd.org> | 2010-08-22 09:24:29 +0000 |
---|---|---|
committer | Jakob Schlyter <jakob@cvs.openbsd.org> | 2010-08-22 09:24:29 +0000 |
commit | 89c8964e24550892497605c496d3bf9f88556503 (patch) | |
tree | 0078047caf9be3902bdf8607e63b800ded0ffd94 | |
parent | a4e9b19a51ee0716da73896659ec593d0ecfd2d2 (diff) |
merge
-rw-r--r-- | usr.sbin/nsd/axfr.c | 8 | ||||
-rw-r--r-- | usr.sbin/nsd/configure.ac | 51 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd-notify.c | 14 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd-xfer.c | 12 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd.c | 82 | ||||
-rw-r--r-- | usr.sbin/nsd/nsdc.8 | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/util.c | 10 | ||||
-rw-r--r-- | usr.sbin/nsd/xfrd-tcp.c | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/zonec.c | 2 |
9 files changed, 72 insertions, 111 deletions
diff --git a/usr.sbin/nsd/axfr.c b/usr.sbin/nsd/axfr.c index ae17388575e..d2d1e625682 100644 --- a/usr.sbin/nsd/axfr.c +++ b/usr.sbin/nsd/axfr.c @@ -32,7 +32,6 @@ query_axfr(struct nsd *nsd, struct query *query) query->maxlen = AXFR_MAX_MESSAGE_LEN; assert(!query_overflow(query)); -#ifdef TSIG /* only keep running values for most packets */ query->tsig_prepare_it = 0; query->tsig_update_it = 1; @@ -41,7 +40,6 @@ query_axfr(struct nsd *nsd, struct query *query) query->tsig_prepare_it = 1; query->tsig_sign_it = 0; } -#endif /* TSIG */ if (query->axfr_zone == NULL) { /* Start AXFR. */ @@ -66,11 +64,9 @@ query_axfr(struct nsd *nsd, struct query *query) = (domain_type *) rbtree_first(nsd->db->domains->names_to_domains); query->axfr_current_rrset = NULL; query->axfr_current_rr = 0; -#ifdef TSIG if(query->tsig.status == TSIG_OK) { query->tsig_sign_it = 1; /* sign first packet in stream */ } -#endif /* TSIG */ query_add_compression_domain(query, query->domain, QHEADERSZ); @@ -135,9 +131,7 @@ query_axfr(struct nsd *nsd, struct query *query) &query->axfr_zone->soa_rrset->rrs[0]); if (added) { ++total_added; -#ifdef TSIG query->tsig_sign_it = 1; /* sign last packet */ -#endif /* TSIG */ query->axfr_is_done = 1; } @@ -146,14 +140,12 @@ return_answer: NSCOUNT_SET(query->packet, 0); ARCOUNT_SET(query->packet, 0); -#ifdef TSIG /* check if it needs tsig signatures */ if(query->tsig.status == TSIG_OK) { if(query->tsig.updates_since_last_prepare >= AXFR_TSIG_SIGN_EVERY_NTH) { query->tsig_sign_it = 1; } } -#endif /* TSIG */ query_clear_compression_tables(query); return QUERY_IN_AXFR; } diff --git a/usr.sbin/nsd/configure.ac b/usr.sbin/nsd/configure.ac index 152cfe7d5b8..b80ba667d07 100644 --- a/usr.sbin/nsd/configure.ac +++ b/usr.sbin/nsd/configure.ac @@ -4,10 +4,9 @@ dnl sinclude(acx_nlnetlabs.m4) -AC_INIT(NSD,3.2.5,nsd-bugs@nlnetlabs.nl) +AC_INIT(NSD,3.2.6,nsd-bugs@nlnetlabs.nl) AC_CONFIG_HEADER([config.h]) -CFLAGS="$CFLAGS" AC_AIX dnl 
@@ -241,7 +240,7 @@ fi ])dnl # Checks for typedefs, structures, and compiler characteristics. -CHECK_COMPILER_FLAG(O2, [], [ CFLAGS="-g" ]) +CHECK_COMPILER_FLAG(O2, [], [ CFLAGS=`echo $CFLAGS | sed -e "s/-O2//g"` ]) AC_C_CONST AC_C_INLINE AC_TYPE_UID_T @@ -446,6 +445,7 @@ AC_LIBGTOP_CHECK_TYPE(uint64_t, unsigned long long) AC_LIBGTOP_CHECK_TYPE(socklen_t, int) AC_LIBGTOP_CHECK_TYPE(sig_atomic_t, int) AC_LIBGTOP_CHECK_TYPE(ssize_t, int) +AC_LIBGTOP_CHECK_TYPE(suseconds_t, time_t) AC_CHECK_TYPE(in_addr_t, [], [AC_DEFINE([in_addr_t], [uint32_t], [in_addr_t])], [ #if HAVE_SYS_TYPES_H @@ -454,6 +454,7 @@ AC_CHECK_TYPE(in_addr_t, [], [AC_DEFINE([in_addr_t], [uint32_t], [in_addr_t])], #if HAVE_NETINET_IN_H # include <netinet/in.h> #endif]) +ACX_CHECK_SS_FAMILY # Checks for library functions. AC_FUNC_CHOWN @@ -528,11 +529,11 @@ AC_DEFINE_UNQUOTED([FACILITY], $facility, [Define to the default facility for sy dnl dnl Determine the maximum number of interfaces that are allowed dnl -max_interfaces=8 -AC_ARG_WITH([max_interfaces], - AC_HELP_STRING([--with-max_interfaces=number], [Limit on the number of ip-addresses that may be specified]), - [max_interfaces=$withval]) -AC_DEFINE_UNQUOTED([MAX_INTERFACES], $max_interfaces, [Define to the maximum interfaces to serve.]) +max_ips=8 +AC_ARG_WITH([max_ips], + AC_HELP_STRING([--with-max-ips=number], [Limit on the number of ip-addresses that may be specified]), + [max_ips=$withval]) +AC_DEFINE_UNQUOTED([MAX_INTERFACES], $max_ips, [Define to the maximum ip-addresses to serve.]) dnl dnl Determine the default tcp timeout 
@@ -564,15 +565,6 @@ case "$enable_ipv6" in ;; esac -AC_ARG_ENABLE(dnssec, AC_HELP_STRING([--disable-dnssec], [Disable DNSSEC support.])) -case "$enable_dnssec" in - no) - ;; - yes|*) - AC_DEFINE_UNQUOTED([DNSSEC], [], [Define this to enable DNSSEC (RFCs 4033, 4034, and 4035) support.]) - ;; -esac - AC_ARG_ENABLE(bind8-stats, AC_HELP_STRING([--enable-bind8-stats], [Enables BIND8 like NSTATS & XSTATS])) case "$enable_bind8_stats" in @@ -595,18 +587,8 @@ case "$enable_checking" in ;; esac -AC_ARG_ENABLE(tsig, AC_HELP_STRING([--disable-tsig], [Disable TSIG support])) -case "$enable_tsig" in - no) - ;; - yes|*) - CHECK_SSL - if test x_$HAVE_SSL != x_yes; then - AC_MSG_ERROR(SSL is required to enable TSIG support. Use --with-ssl to specify the location of the SSL libraries or --disable-tsig to disable TSIG support.) - fi - AC_DEFINE([TSIG], [], [Define this to enable TSIG support.]) - ;; -esac +# we need SSL for TSIG (and maybe also for NSEC3). +CHECK_SSL AC_ARG_ENABLE(nsec3, AC_HELP_STRING([--disable-nsec3], [Disable NSEC3 support])) case "$enable_nsec3" in @@ -617,21 +599,12 @@ case "$enable_nsec3" in ;; esac -AC_ARG_ENABLE(nsid, AC_HELP_STRING([--disable-nsid], [Disable NSID support])) -case "$enable_nsid" in - no) - ;; - yes|*) - AC_DEFINE([NSID], [], [Define this to enable NSID support.]) - ;; -esac - AC_ARG_ENABLE(mmap, AC_HELP_STRING([--enable-mmap], [Use mmap instead of malloc. Experimental.])) case "$enable_mmap" in yes) AC_CHECK_HEADERS([sys/mman.h]) AC_LIBGTOP_CHECK_TYPE(uintptr_t, void*) - AC_CHECK_FUNCS([mmap, munmap]) + AC_CHECK_FUNCS([mmap munmap]) AC_DEFINE_UNQUOTED([USE_MMAP_ALLOC], [], [Define this to enable mmap instead of malloc. Experimental.]) ;; no|*) diff --git a/usr.sbin/nsd/nsd-notify.c b/usr.sbin/nsd/nsd-notify.c index 57711e0a1c6..5029cacc4b3 100644 --- a/usr.sbin/nsd/nsd-notify.c +++ b/usr.sbin/nsd/nsd-notify.c 
@@ -177,7 +177,6 @@ notify_host(int udp_s, struct query* q, struct query *answer, close(udp_s); } -#ifdef TSIG static tsig_key_type* add_key(region_type* region, const char* opt, tsig_algorithm_type** algo) { @@ -241,7 +240,6 @@ add_key(region_type* region, const char* opt, tsig_algorithm_type** algo) tsig_add_key(key); return key; } -#endif /* TSIG */ int main (int argc, char *argv[]) @@ -258,19 +256,15 @@ main (int argc, char *argv[]) const char *port = UDP_PORT; const char *local_port = NULL; region_type *region = region_create(xalloc, free); -#ifdef TSIG tsig_key_type *tsig_key = 0; tsig_record_type tsig; tsig_algorithm_type* algo = NULL; -#endif /* TSIG */ log_init("nsd-notify"); -#ifdef TSIG if(!tsig_init(region)) { log_msg(LOG_ERR, "could not init tsig\n"); exit(1); } -#endif /* TSIG */ srandom((unsigned long) getpid() * (unsigned long) time(NULL)); @@ -296,12 +290,8 @@ main (int argc, char *argv[]) port = optarg; break; case 'y': -#ifdef TSIG if (!(tsig_key = add_key(region, optarg, &algo))) exit(1); -#else - log_msg(LOG_ERR, "option -y given but TSIG not enabled"); -#endif /* TSIG */ break; case 'z': zone = dname_parse(region, optarg); @@ -340,7 +330,6 @@ main (int argc, char *argv[]) buffer_write(q.packet, dname_name(zone), zone->name_size); buffer_write_u16(q.packet, TYPE_SOA); buffer_write_u16(q.packet, CLASS_IN); -#ifdef TSIG if(tsig_key) { assert(algo); tsig_create_record(&tsig, region); @@ -352,7 +341,6 @@ main (int argc, char *argv[]) tsig_append_rr(&tsig, q.packet); ARCOUNT_SET(q.packet, ARCOUNT(q.packet) + 1); } -#endif buffer_flip(q.packet); /* initialize buffer for ack */ @@ -394,7 +382,7 @@ main (int argc, char *argv[]) } for (res = res0; res; res = res->ai_next) { - if (res->ai_addrlen > sizeof(q.addr)) { + if (res->ai_addrlen > (socklen_t)sizeof(q.addr)) { continue; } diff --git a/usr.sbin/nsd/nsd-xfer.c b/usr.sbin/nsd/nsd-xfer.c index fa63a13ffa0..8f8f258e7ce 100644 --- a/usr.sbin/nsd/nsd-xfer.c +++ b/usr.sbin/nsd/nsd-xfer.c 
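Review bot: The `(socklen_t)` cast added to `res->ai_addrlen > (socklen_t)sizeof(q.addr)` in the last nsd-notify.c hunk narrows the buffer size instead of widening the length. The configure.ac section of this commit still falls back to `int` for socklen_t, so on such a platform the comparison becomes signed and a negative ai_addrlen would no longer be rejected. Casting the other operand keeps the bound check unsigned and still silences the sign-compare warning: `if ((size_t)res->ai_addrlen > sizeof(q.addr)) {`. The same line is changed in the last hunk of nsd-xfer.c. The loop body continues outside the hunk, so the later use of the length (presumably a copy into q.addr) is not visible here.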
@@ -184,7 +184,6 @@ to_alarm(int ATTR_UNUSED(sig)) timeout_flag = 1; } -#ifdef TSIG /* * Read a line from IN. If successful, the line is stripped of * leading and trailing whitespace and non-zero is returned. @@ -292,7 +291,6 @@ read_tsig_key(region_type *region, return key; } -#endif /* TSIG */ /* * Read SIZE bytes from the socket into BUF. Keep reading unless an @@ -783,10 +781,8 @@ main(int argc, char *argv[]) int default_family = DEFAULT_AI_FAMILY; struct sigaction mysigaction; FILE *zone_file; -#ifdef TSIG const char *tsig_key_filename = NULL; tsig_key_type *tsig_key = NULL; -#endif /* TSIG */ axfr_state_type state; log_init("nsd-xfer"); @@ -859,12 +855,8 @@ main(int argc, char *argv[]) break; } case 'T': -#ifdef TSIG tsig_key_filename = optarg; break; -#else - log_msg(LOG_ERR, "option -T given but TSIG not enabled"); -#endif /* TSIG */ case 'v': ++state.verbose; break; @@ -885,7 +877,6 @@ main(int argc, char *argv[]) if (argc == 0 || !zone_filename || !state.zone) usage(); -#ifdef TSIG if (tsig_key_filename) { tsig_algorithm_type *tsig_algo = NULL; tsig_key = read_tsig_key( @@ -902,7 +893,6 @@ main(int argc, char *argv[]) tsig_create_record(state.tsig, region); tsig_init_record(state.tsig, tsig_algo, tsig_key); } -#endif /* TSIG */ mysigaction.sa_handler = to_alarm; sigfillset(&mysigaction.sa_mask); @@ -946,7 +936,7 @@ main(int argc, char *argv[]) } for (res = res0; res; res = res->ai_next) { - if (res->ai_addrlen > sizeof(q.addr)) + if (res->ai_addrlen > (socklen_t)sizeof(q.addr)) continue; /* diff --git a/usr.sbin/nsd/nsd.c b/usr.sbin/nsd/nsd.c index 61c5f0a4530..b2eec51837b 100644 --- a/usr.sbin/nsd/nsd.c +++ b/usr.sbin/nsd/nsd.c @@ -42,9 +42,7 @@ #include "nsd.h" #include "options.h" -#ifdef TSIG #include "tsig.h" -#endif /* TSIG */ /* The server handler... */ static struct nsd nsd; 
@@ -63,38 +61,36 @@ usage (void) fprintf(stderr, "Name Server Daemon.\n\n"); fprintf(stderr, "Supported options:\n" - " -4 Only listen to IPv4 connections.\n" - " -6 Only listen to IPv6 connections.\n" - " -a ip-address Listen to the specified incoming IP address (may be\n" - " specified multiple times).\n" - " -c configfile Read specified configfile instead of %s.\n" - " -d Enable debug mode (do not fork as a daemon process).\n" + " -4 Only listen to IPv4 connections.\n" + " -6 Only listen to IPv6 connections.\n" + " -a ip-address[@port] Listen to the specified incoming IP address (and port)\n" + " May be specified multiple times).\n" + " -c configfile Read specified configfile instead of %s.\n" + " -d Enable debug mode (do not fork as a daemon process).\n" #ifndef NDEBUG - " -F facilities Specify the debug facilities.\n" + " -F facilities Specify the debug facilities.\n" #endif /* NDEBUG */ - " -f database Specify the database to load.\n" - " -h Print this help information.\n" + " -f database Specify the database to load.\n" + " -h Print this help information.\n" , CONFIGFILE); fprintf(stderr, - " -i identity Specify the identity when queried for id.server CHAOS TXT.\n" -#ifdef NSID - " -I nsid Specify the NSID. This must be a hex string.\n" -#endif /* NSID */ + " -i identity Specify the identity when queried for id.server CHAOS TXT.\n" + " -I nsid Specify the NSID. 
This must be a hex string.\n" #ifndef NDEBUG - " -L level Specify the debug level.\n" + " -L level Specify the debug level.\n" #endif /* NDEBUG */ - " -l filename Specify the log file.\n" - " -N server-count The number of servers to start.\n" - " -n tcp-count The maximum number of TCP connections per server.\n" - " -P pidfile Specify the PID file to write.\n" - " -p port Specify the port to listen to.\n" - " -s seconds Dump statistics every SECONDS seconds.\n" - " -t chrootdir Change root to specified directory on startup.\n" + " -l filename Specify the log file.\n" + " -N server-count The number of servers to start.\n" + " -n tcp-count The maximum number of TCP connections per server.\n" + " -P pidfile Specify the PID file to write.\n" + " -p port Specify the port to listen to.\n" + " -s seconds Dump statistics every SECONDS seconds.\n" + " -t chrootdir Change root to specified directory on startup.\n" ); fprintf(stderr, - " -u user Change effective uid to the specified user.\n" - " -V level Specify verbosity level.\n" - " -v Print version information.\n" + " -u user Change effective uid to the specified user.\n" + " -V level Specify verbosity level.\n" + " -v Print version information.\n" ); fprintf(stderr, "Version %s. Report bugs to <%s>.\n", PACKAGE_VERSION, PACKAGE_BUGREPORT); @@ -144,6 +140,23 @@ file_inside_chroot(const char* fname, const char* chr) return 0; /* don't strip, don't try file rotation */ } +void +get_ip_port_frm_str(const char* arg, const char** hostname, + const char** port) +{ + /* parse src[@port] option */ + char* delim = NULL; + if (arg) { + delim = strchr(arg, '@'); + } + + if (delim) { + *delim = '\0'; + *port = delim+1; + } + *hostname = arg; +} + /* * Fetch the nsd parent process id from the nsd pidfile @@ -465,7 +478,6 @@ main(int argc, char *argv[]) nsd.identity = optarg; break; case 'I': -#ifdef NSID if (nsd.nsid_len != 0) { /* can only be given once */ break; 
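Review bot: get_ip_port_frm_str() declares `arg` as `const char*` but writes through it: `strchr()` returns a non-const pointer into the same string and `*delim = '\0'` then truncates the caller's buffer. That is undefined behaviour if the argument is ever a string literal or other const object. It also changes nodes[i] for every later reader, so the `cannot parse address '%s'` message in the later main() hunk will print the address without the port that failed. Making the mutation explicit in the signature, `get_ip_port_frm_str(char* arg, const char** hostname, const char** port)`, or copying the host part into a separate buffer, avoids both. A short comment that `*port` is left untouched when no `@` is present would also help, since callers must pre-initialise it; the function is also added without `static`, and no prototype is visible in this diff.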
@@ -478,7 +490,6 @@ main(int argc, char *argv[]) if (hex_pton(optarg, nsd.nsid, nsd.nsid_len) == -1) { error("hex string cannot be parsed '%s' in NSID.", optarg); } -#endif /* NSID */ break; case 'l': nsd.log_filename = optarg; @@ -680,7 +691,6 @@ main(int argc, char *argv[]) #endif /* IPV6 MTU) */ #endif /* defined(INET6) */ -#ifdef NSID if (nsd.nsid_len == 0 && nsd.options->nsid) { if (strlen(nsd.options->nsid) % 2 != 0) { error("the NSID must be a hex string of an even length."); @@ -691,12 +701,11 @@ main(int argc, char *argv[]) error("hex string cannot be parsed '%s' in NSID.", nsd.options->nsid); } } - edns_init_nsid(&nsd.edns_ipv4, nsd.nsid_len); #if defined(INET6) edns_init_nsid(&nsd.edns_ipv6, nsd.nsid_len); #endif /* defined(INET6) */ -#endif /* NSID */ + /* Number of child servers to fork. */ nsd.children = (struct nsd_child *) region_alloc( nsd.region, nsd.child_count * sizeof(struct nsd_child)); @@ -749,13 +758,16 @@ main(int argc, char *argv[]) /* Set up the address info structures with real interface/port data */ for (i = 0; i < nsd.ifs; ++i) { int r; + const char* node = NULL; + const char* service = NULL; /* We don't perform name-lookups */ if (nodes[i] != NULL) hints[i].ai_flags |= AI_NUMERICHOST; + get_ip_port_frm_str(nodes[i], &node, &service); hints[i].ai_socktype = SOCK_DGRAM; - if ((r=getaddrinfo(nodes[i], udp_port, &hints[i], &nsd.udp[i].addr)) != 0) { + if ((r=getaddrinfo(node, (service?service:udp_port), &hints[i], &nsd.udp[i].addr)) != 0) { #ifdef INET6 if(nsd.grab_ip6_optional && hints[0].ai_family == AF_INET6) { log_msg(LOG_WARNING, "No IPv6, fallback to IPv4. getaddrinfo: %s", @@ -770,7 +782,7 @@ main(int argc, char *argv[]) } hints[i].ai_socktype = SOCK_STREAM; - if ((r=getaddrinfo(nodes[i], tcp_port, &hints[i], &nsd.tcp[i].addr)) != 0) { + if ((r=getaddrinfo(node, (service?service:tcp_port), &hints[i], &nsd.tcp[i].addr)) != 0) { error("cannot parse address '%s': getaddrinfo: %s %s", nodes[i]?nodes[i]:"(null)", gai_strerror(r), 
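Review bot: The `service` string split off after `@` is passed to getaddrinfo() unchecked in both the SOCK_DGRAM and the SOCK_STREAM call. The host part is pinned with AI_NUMERICHOST ("We don't perform name-lookups"), but the port part can still be a service name resolved through the services database, and an empty string after `@` is passed through as well. If only numeric ports are intended, reject an empty or non-numeric `service` before the call, or add `if (service) hints[i].ai_flags |= AI_NUMERICSERV;` where the platform defines that flag. main() starts and ends outside these hunks.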
@@ -813,11 +825,11 @@ main(int argc, char *argv[]) /* endpwent(); */ #endif /* HAVE_GETPWNAM */ -#ifdef TSIG if(!tsig_init(nsd.region)) error("init tsig failed"); +#if defined(HAVE_SSL) key_options_tsig_add(nsd.options); -#endif /* TSIG */ +#endif /* Relativize the pathnames for chroot... */ if (nsd.chrootdir) { diff --git a/usr.sbin/nsd/nsdc.8 b/usr.sbin/nsd/nsdc.8 index 1364dbc094f..1f87099bdf6 100644 --- a/usr.sbin/nsd/nsdc.8 +++ b/usr.sbin/nsd/nsdc.8 @@ -1,4 +1,4 @@ -.TH "NSDC" "8" "Apr 14, 2010" "NLnet Labs" "NSDC 3.2.5" +.TH "NSDC" "8" "@date@" "NLnet Labs" "NSDC @version@" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff --git a/usr.sbin/nsd/util.c b/usr.sbin/nsd/util.c index 0dc81fa9b12..c9f41aedde3 100644 --- a/usr.sbin/nsd/util.c +++ b/usr.sbin/nsd/util.c @@ -261,11 +261,16 @@ mmap_alloc(size_t size) void *base; size += MMAP_ALLOC_HEADER_SIZE; +#ifdef HAVE_MMAP base = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); if (base == MAP_FAILED) { log_msg(LOG_ERR, "mmap failed: %s", strerror(errno)); exit(1); } +#else /* !HAVE_MMAP */ + log_msg(LOG_ERR, "mmap failed: don't have mmap"); + exit(1); +#endif /* HAVE_MMAP */ *((size_t*) base) = size; return (void*)((uintptr_t)base + MMAP_ALLOC_HEADER_SIZE); @@ -283,10 +288,15 @@ mmap_free(void *ptr) base = (void*)((uintptr_t)ptr - MMAP_ALLOC_HEADER_SIZE); size = *((size_t*) base); +#ifdef HAVE_MUNMAP if (munmap(base, size) == -1) { log_msg(LOG_ERR, "munmap failed: %s", strerror(errno)); exit(1); } +#else /* !HAVE_MUNMAP */ + log_msg(LOG_ERR, "munmap failed: don't have munmap"); + exit(1); +#endif /* HAVE_MUNMAP */ } #endif /* USE_MMAP_ALLOC */ diff --git a/usr.sbin/nsd/xfrd-tcp.c b/usr.sbin/nsd/xfrd-tcp.c index f1762cbbcd7..8e59a1ea194 100644 --- a/usr.sbin/nsd/xfrd-tcp.c +++ b/usr.sbin/nsd/xfrd-tcp.c 
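Review bot: With the TSIG guard replaced by `#if defined(HAVE_SSL)` around `key_options_tsig_add(nsd.options);`, a build without SSL starts normally but never loads the TSIG keys from the configuration, and nothing tells the operator. How ACLs that name a key behave in that case is not visible in this diff, so the silent path deserves at least a diagnostic. An `#else` branch such as `log_msg(LOG_WARNING, "TSIG keys in the configuration are ignored: built without SSL");` would do, or a startup error when any key is configured. The configure.ac hunk that drops the `--disable-tsig` block also removes the explicit AC_MSG_ERROR for a missing SSL library, which makes this path reachable unless CHECK_SSL itself aborts.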
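Review bot: The new `#else` branches in mmap_alloc() and mmap_free() turn a build-configuration error into a runtime exit. A binary configured with USE_MMAP_ALLOC on a platform without mmap compiles cleanly and then dies on its first allocation with the misleading text "mmap failed". Failing the build is safer, e.g. `#error "USE_MMAP_ALLOC requires mmap and munmap"` in place of the `log_msg`/`exit(1)` pair, or have configure refuse `--enable-mmap` when AC_CHECK_FUNCS does not find both functions. In the `!HAVE_MMAP` branch `base` is also left uninitialised before the `*((size_t*) base) = size;` line that follows, which is harmless only because exit() does not return.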
@@ -309,11 +309,9 @@ xfrd_tcp_xfr(xfrd_tcp_set_t* set, xfrd_zone_t* zone) zone->query_id = ID(tcp->packet); zone->msg_seq_nr = 0; zone->msg_rr_count = 0; -#ifdef TSIG if(zone->master->key_options && zone->master->key_options->tsig_key) { xfrd_tsig_sign_request(tcp->packet, &zone->tsig, zone->master); } -#endif /* TSIG */ buffer_flip(tcp->packet); DEBUG(DEBUG_XFRD,1, (LOG_INFO, "sent tcp query with ID %d", zone->query_id)); tcp->msglen = buffer_limit(tcp->packet); diff --git a/usr.sbin/nsd/zonec.c b/usr.sbin/nsd/zonec.c index 4ef618cb601..34a58569def 100644 --- a/usr.sbin/nsd/zonec.c +++ b/usr.sbin/nsd/zonec.c @@ -1219,11 +1219,9 @@ process_rr(void) zc_error_prev_line("CNAME and other data at the same name"); } -#ifdef DNSSEC if (rr->type == TYPE_RRSIG && rr_rrsig_type_covered(rr) == TYPE_SOA) { rrset->zone->is_secure = 1; } -#endif /* Check we have SOA */ if (zone->soa_rrset == NULL) { |