diff options
author | Martin Pelikan <pelikan@cvs.openbsd.org> | 2015-02-07 05:50:01 +0000 |
---|---|---|
committer | Martin Pelikan <pelikan@cvs.openbsd.org> | 2015-02-07 05:50:01 +0000 |
commit | f2dde0ff9147d54176bdc963d8158c83b3f45916 (patch) | |
tree | 77ed476d04c2c04c0ac7de6c942dcea25ed0a4a7 | |
parent | ef685583fc656d434656f36df392c355f25456cd (diff) |
port NSEC3 and TLSA parsing code into dig(1) from ISC BIND 9.10.1-P1
ok henning
-rw-r--r-- | usr.sbin/bind/lib/dns/include/dns/rcode.h | 79 | ||||
-rw-r--r-- | usr.sbin/bind/lib/dns/include/dns/types.h | 91 | ||||
-rw-r--r-- | usr.sbin/bind/lib/dns/rcode.c | 13 | ||||
-rw-r--r-- | usr.sbin/bind/lib/dns/rdata.c | 22 | ||||
-rw-r--r-- | usr.sbin/bind/lib/dns/rdata/generic/nsec3_50.c | 516 | ||||
-rw-r--r-- | usr.sbin/bind/lib/dns/rdata/generic/nsec3_50.h | 118 | ||||
-rw-r--r-- | usr.sbin/bind/lib/dns/rdata/generic/nsec3param_51.c | 319 | ||||
-rw-r--r-- | usr.sbin/bind/lib/dns/rdata/generic/nsec3param_51.h | 38 | ||||
-rw-r--r-- | usr.sbin/bind/lib/dns/rdata/generic/tlsa_52.c | 290 | ||||
-rw-r--r-- | usr.sbin/bind/lib/dns/rdata/generic/tlsa_52.h | 35 | ||||
-rw-r--r-- | usr.sbin/bind/lib/isc/Makefile.in | 4 | ||||
-rw-r--r-- | usr.sbin/bind/lib/isc/base32.c | 423 | ||||
-rw-r--r-- | usr.sbin/bind/lib/isc/include/isc/Makefile.in | 4 | ||||
-rw-r--r-- | usr.sbin/bind/lib/isc/include/isc/base32.h | 140 | ||||
-rw-r--r-- | usr.sbin/bind/lib/isc/include/isc/iterated_hash.h | 47 | ||||
-rw-r--r-- | usr.sbin/bind/lib/isc/include/isc/result.h | 146 |
16 files changed, 2147 insertions, 138 deletions
diff --git a/usr.sbin/bind/lib/dns/include/dns/rcode.h b/usr.sbin/bind/lib/dns/include/dns/rcode.h index 0a4b2edd7f0..34111b225f1 100644 --- a/usr.sbin/bind/lib/dns/include/dns/rcode.h +++ b/usr.sbin/bind/lib/dns/include/dns/rcode.h @@ -1,25 +1,27 @@ /* + * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: rcode.h,v 1.12 2001/01/09 21:53:12 bwelling Exp $ */ +/* $ISC: rcode.h,v 1.13.18.2 2005/04/29 00:16:18 marka Exp $ */ #ifndef DNS_RCODE_H #define DNS_RCODE_H 1 +/*! \file */ + #include <isc/lang.h> #include <dns/types.h> @@ -27,68 +29,83 @@ ISC_LANG_BEGINDECLS isc_result_t dns_rcode_fromtext(dns_rcode_t *rcodep, isc_textregion_t *source); -/* +/*%< * Convert the text 'source' refers to into a DNS error value. * * Requires: - * 'rcodep' is a valid pointer. + *\li 'rcodep' is a valid pointer. * - * 'source' is a valid text region. + *\li 'source' is a valid text region. * * Returns: - * ISC_R_SUCCESS on success - * DNS_R_UNKNOWN type is unknown + *\li #ISC_R_SUCCESS on success + *\li #DNS_R_UNKNOWN type is unknown */ isc_result_t dns_rcode_totext(dns_rcode_t rcode, isc_buffer_t *target); -/* +/*%< * Put a textual representation of error 'rcode' into 'target'. * * Requires: - * 'rcode' is a valid rcode. + *\li 'rcode' is a valid rcode. * - * 'target' is a valid text buffer. + *\li 'target' is a valid text buffer. * * Ensures: - * If the result is success: + *\li If the result is success: * The used space in 'target' is updated. * * Returns: - * ISC_R_SUCCESS on success - * ISC_R_NOSPACE target buffer is too small + *\li #ISC_R_SUCCESS on success + *\li #ISC_R_NOSPACE target buffer is too small */ isc_result_t dns_tsigrcode_fromtext(dns_rcode_t *rcodep, isc_textregion_t *source); -/* +/*%< * Convert the text 'source' refers to into a TSIG/TKEY error value. * * Requires: - * 'rcodep' is a valid pointer. + *\li 'rcodep' is a valid pointer. * - * 'source' is a valid text region. + *\li 'source' is a valid text region. * * Returns: - * ISC_R_SUCCESS on success - * DNS_R_UNKNOWN type is unknown + *\li #ISC_R_SUCCESS on success + *\li #DNS_R_UNKNOWN type is unknown */ isc_result_t dns_tsigrcode_totext(dns_rcode_t rcode, isc_buffer_t *target); -/* +/*%< * Put a textual representation of TSIG/TKEY error 'rcode' into 'target'. * * Requires: - * 'rcode' is a valid TSIG/TKEY error code. + *\li 'rcode' is a valid TSIG/TKEY error code. * - * 'target' is a valid text buffer. + *\li 'target' is a valid text buffer. * * Ensures: - * If the result is success: + *\li If the result is success: * The used space in 'target' is updated. * * Returns: - * ISC_R_SUCCESS on success - * ISC_R_NOSPACE target buffer is too small + *\li #ISC_R_SUCCESS on success + *\li #ISC_R_NOSPACE target buffer is too small + */ + +isc_result_t +dns_hashalg_fromtext(unsigned char *hashalg, isc_textregion_t *source); +/*%< + * Convert the text 'source' refers to into a has algorithm value. + * + * Requires: + *\li 'hashalg' is a valid pointer. + * + *\li 'source' is a valid text region. + * + * Returns: + *\li #ISC_R_SUCCESS on success + *\li #DNS_R_UNKNOWN type is unknown */ ISC_LANG_ENDDECLS diff --git a/usr.sbin/bind/lib/dns/include/dns/types.h b/usr.sbin/bind/lib/dns/include/dns/types.h index 3176ead9b2b..38ebb72717f 100644 --- a/usr.sbin/bind/lib/dns/include/dns/types.h +++ b/usr.sbin/bind/lib/dns/include/dns/types.h @@ -1,36 +1,39 @@ /* - * Copyright (C) 1998-2001 Internet Software Consortium. + * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: types.h,v 1.103 2001/07/23 17:55:37 gson Exp $ */ +/* $ISC: types.h,v 1.109.18.12 2006/05/02 12:55:31 shane Exp $ */ #ifndef DNS_TYPES_H #define DNS_TYPES_H 1 -/* +/*! \file + * \brief * Including this file gives you type declarations suitable for use in * .h files, which lets us avoid circular type reference problems. - * + * \brief * To actually use a type or get declarations of its methods, you must * include the appropriate .h file too. */ #include <isc/types.h> -typedef struct dns_a6context dns_a6context_t; +typedef struct dns_acache dns_acache_t; +typedef struct dns_acacheentry dns_acacheentry_t; +typedef struct dns_acachestats dns_acachestats_t; typedef struct dns_acl dns_acl_t; typedef struct dns_aclelement dns_aclelement_t; typedef struct dns_aclenv dns_aclenv_t; @@ -51,16 +54,21 @@ typedef void dns_dbload_t; typedef void dns_dbnode_t; typedef struct dns_dbtable dns_dbtable_t; typedef void dns_dbversion_t; +typedef struct dns_dlzimplementation dns_dlzimplementation_t; +typedef struct dns_dlzdb dns_dlzdb_t; +typedef struct dns_sdlzimplementation dns_sdlzimplementation_t; typedef struct dns_decompress dns_decompress_t; typedef struct dns_dispatch dns_dispatch_t; typedef struct dns_dispatchevent dns_dispatchevent_t; typedef struct dns_dispatchlist dns_dispatchlist_t; typedef struct dns_dispatchmgr dns_dispatchmgr_t; typedef struct dns_dispentry dns_dispentry_t; +typedef struct dns_dumpctx dns_dumpctx_t; typedef struct dns_fetch dns_fetch_t; typedef struct dns_fixedname dns_fixedname_t; typedef struct dns_forwarders dns_forwarders_t; typedef struct dns_fwdtable dns_fwdtable_t; +typedef isc_uint32_t dns_iterations_t; typedef isc_uint16_t dns_keyflags_t; typedef struct dns_keynode dns_keynode_t; typedef struct dns_keytable dns_keytable_t; @@ -75,8 +83,10 @@ typedef struct dns_name dns_name_t; typedef ISC_LIST(dns_name_t) dns_namelist_t; typedef isc_uint16_t dns_opcode_t; typedef unsigned char dns_offsets_t[128]; +typedef struct dns_order dns_order_t; typedef struct dns_peer dns_peer_t; typedef struct dns_peerlist dns_peerlist_t; +typedef struct dns_portlist dns_portlist_t; typedef struct dns_rbt dns_rbt_t; typedef isc_uint16_t dns_rcode_t; typedef struct dns_rdata dns_rdata_t; @@ -110,9 +120,8 @@ typedef struct dns_zonemgr dns_zonemgr_t; typedef struct dns_zt dns_zt_t; typedef enum { - dns_bitlabel_0 = 0, - dns_bitlabel_1 = 1 -} dns_bitlabel_t; + dns_hash_sha1 = 1 +} dns_hash_t; typedef enum { dns_fwdpolicy_none = 0, @@ -121,11 +130,6 @@ typedef enum { } dns_fwdpolicy_t; typedef enum { - dns_labeltype_ordinary = 0, - dns_labeltype_bitstring = 1 -} dns_labeltype_t; - -typedef enum { dns_namereln_none = 0, dns_namereln_contains = 1, dns_namereln_subdomain = 2, @@ -144,7 +148,8 @@ typedef enum { typedef enum { dns_notifytype_no = 0, dns_notifytype_yes = 1, - dns_notifytype_explicit = 2 + dns_notifytype_explicit = 2, + dns_notifytype_masteronly = 3 } dns_notifytype_t; typedef enum { @@ -156,13 +161,19 @@ typedef enum { dns_dialuptype_passive = 5 } dns_dialuptype_t; +typedef enum { + dns_masterformat_none = 0, + dns_masterformat_text = 1, + dns_masterformat_raw = 2 +} dns_masterformat_t; + /* * These are generated by gen.c. */ #include <dns/enumtype.h> /* Provides dns_rdatatype_t. */ #include <dns/enumclass.h> /* Provides dns_rdataclass_t. */ -/* +/*% * rcodes. */ enum { @@ -198,7 +209,7 @@ enum { #define dns_rcode_badvers ((dns_rcode_t)dns_rcode_badvers) }; -/* +/*% * TSIG errors. */ enum { @@ -207,10 +218,11 @@ enum { dns_tsigerror_badtime = 18, dns_tsigerror_badmode = 19, dns_tsigerror_badname = 20, - dns_tsigerror_badalg = 21 + dns_tsigerror_badalg = 21, + dns_tsigerror_badtrunc = 22 }; -/* +/*% * Opcodes. */ enum { @@ -226,7 +238,7 @@ enum { #define dns_opcode_update ((dns_opcode_t)dns_opcode_update) }; -/* +/*% * Trust levels. Must be kept in sync with trustnames[] in masterdump.c. */ enum { @@ -234,11 +246,11 @@ enum { dns_trust_none = 0, #define dns_trust_none ((dns_trust_t)dns_trust_none) - /* Subject to DNSSEC validation but has not yet been validated */ + /*% Subject to DNSSEC validation but has not yet been validated */ dns_trust_pending = 1, #define dns_trust_pending ((dns_trust_t)dns_trust_pending) - /* Received in the additional section of a response. */ + /*% Received in the additional section of a response. */ dns_trust_additional = 2, #define dns_trust_additional ((dns_trust_t)dns_trust_additional) @@ -268,7 +280,7 @@ enum { #define dns_trust_ultimate ((dns_trust_t)dns_trust_ultimate) }; -/* +/*% * Name checking severites. */ typedef enum { @@ -281,6 +293,9 @@ typedef enum { * Functions. */ typedef void +(*dns_dumpdonefunc_t)(void *, isc_result_t); + +typedef void (*dns_loaddonefunc_t)(void *, isc_result_t); typedef isc_result_t @@ -299,6 +314,20 @@ typedef void (*dns_updatecallback_t)(void *, isc_result_t, dns_message_t *); typedef int -(*dns_rdatasetorderfunc_t)(dns_rdata_t *rdata, void *arg); +(*dns_rdatasetorderfunc_t)(const dns_rdata_t *, const void *); + +typedef isc_boolean_t +(*dns_checkmxfunc_t)(dns_zone_t *, dns_name_t *, dns_name_t *); + +typedef isc_boolean_t +(*dns_checksrvfunc_t)(dns_zone_t *, dns_name_t *, dns_name_t *); + +typedef isc_boolean_t +(*dns_checknsfunc_t)(dns_zone_t *, dns_name_t *, dns_name_t *, + dns_rdataset_t *, dns_rdataset_t *); + +typedef isc_boolean_t +(*dns_isselffunc_t)(dns_view_t *, dns_tsigkey_t *, isc_sockaddr_t *, + isc_sockaddr_t *, dns_rdataclass_t, void *); #endif /* DNS_TYPES_H */ diff --git a/usr.sbin/bind/lib/dns/rcode.c b/usr.sbin/bind/lib/dns/rcode.c index d9ef176ca82..cfabbdff7ee 100644 --- a/usr.sbin/bind/lib/dns/rcode.c +++ b/usr.sbin/bind/lib/dns/rcode.c @@ -114,6 +114,10 @@ { 255, "ALL", 0 }, \ { 0, NULL, 0} +#define HASHALGNAMES \ + { 1, "SHA-1", 0 }, \ + { 0, NULL, 0 } + struct tbl { unsigned int value; const char *name; @@ -125,6 +129,7 @@ static struct tbl tsigrcodes[] = { RCODENAMES TSIGRCODENAMES }; static struct tbl certs[] = { CERTNAMES }; static struct tbl secalgs[] = { SECALGNAMES }; static struct tbl secprotos[] = { SECPROTONAMES }; +static struct tbl hashalgs[] = { HASHALGNAMES }; static struct keyflag { const char *name; @@ -318,6 +323,14 @@ dns_secproto_totext(dns_secproto_t secproto, isc_buffer_t *target) { } isc_result_t +dns_hashalg_fromtext(unsigned char *hashalg, isc_textregion_t *source) { + unsigned int value; + RETERR(dns_mnemonic_fromtext(&value, source, hashalgs, 0xff)); + *hashalg = value; + return (ISC_R_SUCCESS); +} + +isc_result_t dns_keyflags_fromtext(dns_keyflags_t *flagsp, isc_textregion_t *source) { isc_result_t result; diff --git a/usr.sbin/bind/lib/dns/rdata.c b/usr.sbin/bind/lib/dns/rdata.c index 57a1eb414f0..1ffd6469f18 100644 --- a/usr.sbin/bind/lib/dns/rdata.c +++ b/usr.sbin/bind/lib/dns/rdata.c @@ -162,6 +162,9 @@ uint16_fromregion(isc_region_t *region); static isc_uint8_t uint8_fromregion(isc_region_t *region); +static isc_uint8_t +uint8_consume_fromregion(isc_region_t *region); + static isc_result_t mem_tobuffer(isc_buffer_t *target, void *base, unsigned int length); @@ -201,6 +204,9 @@ static void warn_badmx(isc_token_t *token, isc_lex_t *lexer, dns_rdatacallbacks_t *callbacks); +static isc_uint16_t +uint16_consume_fromregion(isc_region_t *region); + static inline int getquad(const void *src, struct in_addr *dst, isc_lex_t *lexer, dns_rdatacallbacks_t *callbacks) @@ -1233,6 +1239,14 @@ uint32_fromregion(isc_region_t *region) { } static isc_uint16_t +uint16_consume_fromregion(isc_region_t *region) { + isc_uint16_t r = uint16_fromregion(region); + + isc_region_consume(region, 2); + return r; +} + +static isc_uint16_t uint16_fromregion(isc_region_t *region) { REQUIRE(region->length >= 2); @@ -1248,6 +1262,14 @@ uint8_fromregion(isc_region_t *region) { return (region->base[0]); } +static isc_uint8_t +uint8_consume_fromregion(isc_region_t *region) { + isc_uint8_t r = uint8_fromregion(region); + + isc_region_consume(region, 1); + return r; +} + static isc_result_t mem_tobuffer(isc_buffer_t *target, void *base, unsigned int length) { isc_region_t tr; diff --git a/usr.sbin/bind/lib/dns/rdata/generic/nsec3_50.c b/usr.sbin/bind/lib/dns/rdata/generic/nsec3_50.c new file mode 100644 index 00000000000..f4c280e6ba9 --- /dev/null +++ b/usr.sbin/bind/lib/dns/rdata/generic/nsec3_50.c @@ -0,0 +1,516 @@ +/* + * Copyright (C) 2008, 2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: nsec3_50.c,v 1.1 2015/02/07 05:50:00 pelikan Exp $ */ + +/* + * Copyright (C) 2004 Nominet, Ltd. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND NOMINET DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* RFC 5155 */ + +#ifndef RDATA_GENERIC_NSEC3_50_C +#define RDATA_GENERIC_NSEC3_50_C + +#include <isc/iterated_hash.h> +#include <isc/base32.h> + +#define RRTYPE_NSEC3_ATTRIBUTES DNS_RDATATYPEATTR_DNSSEC + +static inline isc_result_t +fromtext_nsec3(ARGS_FROMTEXT) { + isc_token_t token; + unsigned char bm[8*1024]; /* 64k bits */ + dns_rdatatype_t covered; + int octet; + int window; + unsigned int flags; + unsigned char hashalg; + isc_buffer_t b; + + REQUIRE(type == 50); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(callbacks); + UNUSED(origin); + UNUSED(options); + + /* Hash. */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, + ISC_FALSE)); + RETTOK(dns_hashalg_fromtext(&hashalg, &token.value.as_textregion)); + RETERR(uint8_tobuffer(hashalg, target)); + + /* Flags. */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + ISC_FALSE)); + flags = token.value.as_ulong; + if (flags > 255U) + RETTOK(ISC_R_RANGE); + RETERR(uint8_tobuffer(flags, target)); + + /* Iterations. */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + ISC_FALSE)); + if (token.value.as_ulong > 0xffffU) + RETTOK(ISC_R_RANGE); + RETERR(uint16_tobuffer(token.value.as_ulong, target)); + + /* salt */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, + ISC_FALSE)); + if (token.value.as_textregion.length > (255*2)) + RETTOK(DNS_R_TEXTTOOLONG); + if (strcmp(DNS_AS_STR(token), "-") == 0) { + RETERR(uint8_tobuffer(0, target)); + } else { + RETERR(uint8_tobuffer(strlen(DNS_AS_STR(token)) / 2, target)); + RETERR(isc_hex_decodestring(DNS_AS_STR(token), target)); + } + + /* + * Next hash a single base32hex word. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, + ISC_FALSE)); + isc_buffer_init(&b, bm, sizeof(bm)); + RETTOK(isc_base32hexnp_decodestring(DNS_AS_STR(token), &b)); + if (isc_buffer_usedlength(&b) > 0xffU) + RETTOK(ISC_R_RANGE); + RETERR(uint8_tobuffer(isc_buffer_usedlength(&b), target)); + RETERR(mem_tobuffer(target, &bm, isc_buffer_usedlength(&b))); + + memset(bm, 0, sizeof(bm)); + do { + RETERR(isc_lex_getmastertoken(lexer, &token, + isc_tokentype_string, ISC_TRUE)); + if (token.type != isc_tokentype_string) + break; + RETTOK(dns_rdatatype_fromtext(&covered, + &token.value.as_textregion)); + bm[covered/8] |= (0x80>>(covered%8)); + } while (1); + isc_lex_ungettoken(lexer, &token); + for (window = 0; window < 256 ; window++) { + /* + * Find if we have a type in this window. + */ + for (octet = 31; octet >= 0; octet--) + if (bm[window * 32 + octet] != 0) + break; + if (octet < 0) + continue; + RETERR(uint8_tobuffer(window, target)); + RETERR(uint8_tobuffer(octet + 1, target)); + RETERR(mem_tobuffer(target, &bm[window * 32], octet + 1)); + } + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +totext_nsec3(ARGS_TOTEXT) { + isc_region_t sr; + unsigned int i, j, k; + unsigned int window, len; + unsigned char hash; + unsigned char flags; + char buf[sizeof("65535 ")]; + isc_uint32_t iterations; + isc_boolean_t first; + + REQUIRE(rdata->type == 50); + REQUIRE(rdata->length != 0); + + dns_rdata_toregion(rdata, &sr); + + /* Hash */ + hash = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + snprintf(buf, sizeof buf, "%u ", hash); + RETERR(str_totext(buf, target)); + + /* Flags */ + flags = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + snprintf(buf, sizeof buf, "%u ", flags); + RETERR(str_totext(buf, target)); + + /* Iterations */ + iterations = uint16_fromregion(&sr); + isc_region_consume(&sr, 2); + snprintf(buf, sizeof buf, "%u ", iterations); + RETERR(str_totext(buf, target)); + + /* Salt */ + j = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + INSIST(j <= sr.length); + + if (j != 0) { + i = sr.length; + sr.length = j; + RETERR(isc_hex_totext(&sr, 1, "", target)); + sr.length = i - j; + } else + RETERR(str_totext("-", target)); + + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) + RETERR(str_totext(" (", target)); + RETERR(str_totext(tctx->linebreak, target)); + + /* Next hash */ + j = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + INSIST(j <= sr.length); + + i = sr.length; + sr.length = j; + RETERR(isc_base32hexnp_totext(&sr, 1, "", target)); + sr.length = i - j; + + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) == 0) + RETERR(str_totext(" ", target)); + + /* Types covered */ + first = ISC_TRUE; + for (i = 0; i < sr.length; i += len) { + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) { + RETERR(str_totext(tctx->linebreak, target)); + first = ISC_TRUE; + } + INSIST(i + 2 <= sr.length); + window = sr.base[i]; + len = sr.base[i + 1]; + INSIST(len > 0 && len <= 32); + i += 2; + INSIST(i + len <= sr.length); + for (j = 0; j < len; j++) { + dns_rdatatype_t t; + if (sr.base[i + j] == 0) + continue; + for (k = 0; k < 8; k++) { + if ((sr.base[i + j] & (0x80 >> k)) == 0) + continue; + t = window * 256 + j * 8 + k; + if (!first) + RETERR(str_totext(" ", target)); + first = ISC_FALSE; + if (dns_rdatatype_isknown(t)) { + RETERR(dns_rdatatype_totext(t, target)); + } else { + char buf[sizeof("TYPE65535")]; + snprintf(buf, sizeof buf, "TYPE%u", t); + RETERR(str_totext(buf, target)); + } + } + } + } + + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) + RETERR(str_totext(" )", target)); + + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +fromwire_nsec3(ARGS_FROMWIRE) { + isc_region_t sr, rr; + unsigned int window, lastwindow = 0; + unsigned int len; + unsigned int saltlen, hashlen; + isc_boolean_t first = ISC_TRUE; + unsigned int i; + + REQUIRE(type == 50); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(options); + UNUSED(dctx); + + isc_buffer_activeregion(source, &sr); + rr = sr; + + /* hash(1), flags(1), iteration(2), saltlen(1) */ + if (sr.length < 5U) + RETERR(DNS_R_FORMERR); + saltlen = sr.base[4]; + isc_region_consume(&sr, 5); + + if (sr.length < saltlen) + RETERR(DNS_R_FORMERR); + isc_region_consume(&sr, saltlen); + + if (sr.length < 1U) + RETERR(DNS_R_FORMERR); + hashlen = sr.base[0]; + isc_region_consume(&sr, 1); + + if (sr.length < hashlen) + RETERR(DNS_R_FORMERR); + isc_region_consume(&sr, hashlen); + + for (i = 0; i < sr.length; i += len) { + /* + * Check for overflow. + */ + if (i + 2 > sr.length) + RETERR(DNS_R_FORMERR); + window = sr.base[i]; + len = sr.base[i + 1]; + i += 2; + /* + * Check that bitmap windows are in the correct order. + */ + if (!first && window <= lastwindow) + RETERR(DNS_R_FORMERR); + /* + * Check for legal lengths. + */ + if (len < 1 || len > 32) + RETERR(DNS_R_FORMERR); + /* + * Check for overflow. + */ + if (i + len > sr.length) + RETERR(DNS_R_FORMERR); + /* + * The last octet of the bitmap must be non zero. + */ + if (sr.base[i + len - 1] == 0) + RETERR(DNS_R_FORMERR); + lastwindow = window; + first = ISC_FALSE; + } + if (i != sr.length) + return (DNS_R_EXTRADATA); + RETERR(mem_tobuffer(target, rr.base, rr.length)); + isc_buffer_forward(source, rr.length); + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +towire_nsec3(ARGS_TOWIRE) { + isc_region_t sr; + + REQUIRE(rdata->type == 50); + REQUIRE(rdata->length != 0); + + UNUSED(cctx); + + dns_rdata_toregion(rdata, &sr); + return (mem_tobuffer(target, sr.base, sr.length)); +} + +static inline int +compare_nsec3(ARGS_COMPARE) { + isc_region_t r1; + isc_region_t r2; + + REQUIRE(rdata1->type == rdata2->type); + REQUIRE(rdata1->rdclass == rdata2->rdclass); + REQUIRE(rdata1->type == 50); + REQUIRE(rdata1->length != 0); + REQUIRE(rdata2->length != 0); + + dns_rdata_toregion(rdata1, &r1); + dns_rdata_toregion(rdata2, &r2); + return (isc_region_compare(&r1, &r2)); +} + +static inline isc_result_t +fromstruct_nsec3(ARGS_FROMSTRUCT) { + dns_rdata_nsec3_t *nsec3 = source; + unsigned int i, len, window, lastwindow = 0; + isc_boolean_t first = ISC_TRUE; + + REQUIRE(type == 50); + REQUIRE(source != NULL); + REQUIRE(nsec3->common.rdtype == type); + REQUIRE(nsec3->common.rdclass == rdclass); + REQUIRE(nsec3->typebits != NULL || nsec3->len == 0); + REQUIRE(nsec3->hash == dns_hash_sha1); + + UNUSED(type); + UNUSED(rdclass); + + RETERR(uint8_tobuffer(nsec3->hash, target)); + RETERR(uint8_tobuffer(nsec3->flags, target)); + RETERR(uint16_tobuffer(nsec3->iterations, target)); + RETERR(uint8_tobuffer(nsec3->salt_length, target)); + RETERR(mem_tobuffer(target, nsec3->salt, nsec3->salt_length)); + RETERR(uint8_tobuffer(nsec3->next_length, target)); + RETERR(mem_tobuffer(target, nsec3->next, nsec3->next_length)); + + /* + * Perform sanity check. + */ + for (i = 0; i < nsec3->len ; i += len) { + INSIST(i + 2 <= nsec3->len); + window = nsec3->typebits[i]; + len = nsec3->typebits[i+1]; + i += 2; + INSIST(first || window > lastwindow); + INSIST(len > 0 && len <= 32); + INSIST(i + len <= nsec3->len); + INSIST(nsec3->typebits[i + len - 1] != 0); + lastwindow = window; + first = ISC_FALSE; + } + return (mem_tobuffer(target, nsec3->typebits, nsec3->len)); +} + +static inline isc_result_t +tostruct_nsec3(ARGS_TOSTRUCT) { + isc_region_t region; + dns_rdata_nsec3_t *nsec3 = target; + + REQUIRE(rdata->type == 50); + REQUIRE(target != NULL); + REQUIRE(rdata->length != 0); + + nsec3->common.rdclass = rdata->rdclass; + nsec3->common.rdtype = rdata->type; + ISC_LINK_INIT(&nsec3->common, link); + + region.base = rdata->data; + region.length = rdata->length; + nsec3->hash = uint8_consume_fromregion(®ion); + nsec3->flags = uint8_consume_fromregion(®ion); + nsec3->iterations = uint16_consume_fromregion(®ion); + + nsec3->salt_length = uint8_consume_fromregion(®ion); + nsec3->salt = mem_maybedup(mctx, region.base, nsec3->salt_length); + if (nsec3->salt == NULL) + return (ISC_R_NOMEMORY); + isc_region_consume(®ion, nsec3->salt_length); + + nsec3->next_length = uint8_consume_fromregion(®ion); + nsec3->next = mem_maybedup(mctx, region.base, nsec3->next_length); + if (nsec3->next == NULL) + goto cleanup; + isc_region_consume(®ion, nsec3->next_length); + + nsec3->len = region.length; + nsec3->typebits = mem_maybedup(mctx, region.base, region.length); + if (nsec3->typebits == NULL) + goto cleanup; + + nsec3->mctx = mctx; + return (ISC_R_SUCCESS); + + cleanup: + if (nsec3->next != NULL) + isc_mem_free(mctx, nsec3->next); + isc_mem_free(mctx, nsec3->salt); + return (ISC_R_NOMEMORY); +} + +static inline void +freestruct_nsec3(ARGS_FREESTRUCT) { + dns_rdata_nsec3_t *nsec3 = source; + + REQUIRE(source != NULL); + REQUIRE(nsec3->common.rdtype == 50); + + if (nsec3->mctx == NULL) + return; + + if (nsec3->salt != NULL) + isc_mem_free(nsec3->mctx, nsec3->salt); + if (nsec3->next != NULL) + isc_mem_free(nsec3->mctx, nsec3->next); + if (nsec3->typebits != NULL) + isc_mem_free(nsec3->mctx, nsec3->typebits); + nsec3->mctx = NULL; +} + +static inline isc_result_t +additionaldata_nsec3(ARGS_ADDLDATA) { + REQUIRE(rdata->type == 50); + + UNUSED(rdata); + UNUSED(add); + UNUSED(arg); + + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +digest_nsec3(ARGS_DIGEST) { + isc_region_t r; + + REQUIRE(rdata->type == 50); + + dns_rdata_toregion(rdata, &r); + return ((digest)(arg, &r)); +} + +static inline isc_boolean_t +checkowner_nsec3(ARGS_CHECKOWNER) { + unsigned char owner[NSEC3_MAX_HASH_LENGTH]; + isc_buffer_t buffer; + dns_label_t label; + + REQUIRE(type == 50); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(wildcard); + + /* + * First label is a base32hex string without padding. + */ + dns_name_getlabel(name, 0, &label); + isc_region_consume(&label, 1); + isc_buffer_init(&buffer, owner, sizeof(owner)); + if (isc_base32hexnp_decoderegion(&label, &buffer) == ISC_R_SUCCESS) + return (ISC_TRUE); + + return (ISC_FALSE); +} + +static inline isc_boolean_t +checknames_nsec3(ARGS_CHECKNAMES) { + + REQUIRE(rdata->type == 50); + + UNUSED(rdata); + UNUSED(owner); + UNUSED(bad); + + return (ISC_TRUE); +} + +static inline int +casecompare_nsec3(ARGS_COMPARE) { + return (compare_nsec3(rdata1, rdata2)); +} + +#endif /* RDATA_GENERIC_NSEC3_50_C */ diff --git a/usr.sbin/bind/lib/dns/rdata/generic/nsec3_50.h b/usr.sbin/bind/lib/dns/rdata/generic/nsec3_50.h new file mode 100644 index 00000000000..ffaf8c91ee3 --- /dev/null +++ b/usr.sbin/bind/lib/dns/rdata/generic/nsec3_50.h @@ -0,0 +1,118 @@ +/* + * Copyright (C) 2008, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + + +#ifndef GENERIC_NSEC3_50_H +#define GENERIC_NSEC3_50_H 1 + +/* $Id: nsec3_50.h,v 1.1 2015/02/07 05:50:00 pelikan Exp $ */ + +/*! + * \brief Per RFC 5155 */ + +#include <isc/iterated_hash.h> + +typedef struct dns_rdata_nsec3 { + dns_rdatacommon_t common; + isc_mem_t *mctx; + dns_hash_t hash; + unsigned char flags; + dns_iterations_t iterations; + unsigned char salt_length; + unsigned char next_length; + isc_uint16_t len; + unsigned char *salt; + unsigned char *next; + unsigned char *typebits; +} dns_rdata_nsec3_t; + +/* + * The corresponding NSEC3 interval is OPTOUT indicating possible + * insecure delegations. + */ +#define DNS_NSEC3FLAG_OPTOUT 0x01U + +/*% + * The following flags are used in the private-type record (implemented in + * lib/dns/private.c) which is used to store NSEC3PARAM data during the + * time when it is not legal to have an actual NSEC3PARAM record in the + * zone. They are defined here because the private-type record uses the + * same flags field for the OPTOUT flag above and for the private flags + * below. XXX: This should be considered for refactoring. + */ + +/*% + * Non-standard, private type only. + * + * Create a corresponding NSEC3 chain. + * Once the NSEC3 chain is complete this flag will be removed to signal + * that there is a complete chain. + * + * This flag is automatically set when a NSEC3PARAM record is added to + * the zone via UPDATE. + * + * NSEC3PARAM records containing this flag should never be published, + * but if they are, they should be ignored by RFC 5155 compliant + * nameservers. + */ +#define DNS_NSEC3FLAG_CREATE 0x80U + +/*% + * Non-standard, private type only. + * + * The corresponding NSEC3 set is to be removed once the NSEC chain + * has been generated. + * + * This flag is automatically set when the last active NSEC3PARAM record + * is removed from the zone via UPDATE. + * + * NSEC3PARAM records containing this flag should never be published, + * but if they are, they should be ignored by RFC 5155 compliant + * nameservers. + */ +#define DNS_NSEC3FLAG_REMOVE 0x40U + +/*% + * Non-standard, private type only. + * + * When set with the CREATE flag, a corresponding NSEC3 chain will be + * created when the zone becomes capable of supporting one (i.e., when it + * has a DNSKEY RRset containing at least one NSEC3-capable algorithm). + * Without this flag, NSEC3 chain creation would be attempted immediately, + * fail, and the private type record would be removed. With it, the NSEC3 + * parameters are stored until they can be used. When the zone has the + * necessary prerequisites for NSEC3, then the INITIAL flag can be cleared, + * and the record will be cleaned up normally. + * + * NSEC3PARAM records containing this flag should never be published, but + * if they are, they should be ignored by RFC 5155 compliant nameservers. + */ +#define DNS_NSEC3FLAG_INITIAL 0x20U + +/*% + * Non-standard, private type only. + * + * Prevent the creation of a NSEC chain before the last NSEC3 chain + * is removed. This will normally only be set when the zone is + * transitioning from secure with NSEC3 chains to insecure. + * + * NSEC3PARAM records containing this flag should never be published, + * but if they are, they should be ignored by RFC 5155 compliant + * nameservers. + */ +#define DNS_NSEC3FLAG_NONSEC 0x10U + +#endif /* GENERIC_NSEC3_50_H */ diff --git a/usr.sbin/bind/lib/dns/rdata/generic/nsec3param_51.c b/usr.sbin/bind/lib/dns/rdata/generic/nsec3param_51.c new file mode 100644 index 00000000000..f5c611d6913 --- /dev/null +++ b/usr.sbin/bind/lib/dns/rdata/generic/nsec3param_51.c @@ -0,0 +1,319 @@ +/* + * Copyright (C) 2008, 2009 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: nsec3param_51.c,v 1.1 2015/02/07 05:50:00 pelikan Exp $ */ + +/* + * Copyright (C) 2004 Nominet, Ltd. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND NOMINET DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* RFC 5155 */ + +#ifndef RDATA_GENERIC_NSEC3PARAM_51_C +#define RDATA_GENERIC_NSEC3PARAM_51_C + +#include <isc/iterated_hash.h> +#include <isc/base32.h> + +#define RRTYPE_NSEC3PARAM_ATTRIBUTES (DNS_RDATATYPEATTR_DNSSEC) + +static inline isc_result_t +fromtext_nsec3param(ARGS_FROMTEXT) { + isc_token_t token; + unsigned int flags = 0; + unsigned char hashalg; + + REQUIRE(type == 51); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(callbacks); + UNUSED(origin); + UNUSED(options); + + /* Hash. */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, + ISC_FALSE)); + RETTOK(dns_hashalg_fromtext(&hashalg, &token.value.as_textregion)); + RETERR(uint8_tobuffer(hashalg, target)); + + /* Flags. */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + ISC_FALSE)); + flags = token.value.as_ulong; + if (flags > 255U) + RETTOK(ISC_R_RANGE); + RETERR(uint8_tobuffer(flags, target)); + + /* Iterations. */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + ISC_FALSE)); + if (token.value.as_ulong > 0xffffU) + RETTOK(ISC_R_RANGE); + RETERR(uint16_tobuffer(token.value.as_ulong, target)); + + /* Salt. */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, + ISC_FALSE)); + if (token.value.as_textregion.length > (255*2)) + RETTOK(DNS_R_TEXTTOOLONG); + if (strcmp(DNS_AS_STR(token), "-") == 0) { + RETERR(uint8_tobuffer(0, target)); + } else { + RETERR(uint8_tobuffer(strlen(DNS_AS_STR(token)) / 2, target)); + RETERR(isc_hex_decodestring(DNS_AS_STR(token), target)); + } + + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +totext_nsec3param(ARGS_TOTEXT) { + isc_region_t sr; + unsigned int i, j; + unsigned char hash; + unsigned char flags; + char buf[sizeof("65535 ")]; + isc_uint32_t iterations; + + REQUIRE(rdata->type == 51); + REQUIRE(rdata->length != 0); + + UNUSED(tctx); + + dns_rdata_toregion(rdata, &sr); + + hash = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + + flags = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + + iterations = uint16_fromregion(&sr); + isc_region_consume(&sr, 2); + + snprintf(buf, sizeof buf, "%u ", hash); + RETERR(str_totext(buf, target)); + + snprintf(buf, sizeof buf, "%u ", flags); + RETERR(str_totext(buf, target)); + + snprintf(buf, sizeof buf, "%u ", iterations); + RETERR(str_totext(buf, target)); + + j = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + INSIST(j <= sr.length); + + if (j != 0) { + i = sr.length; + sr.length = j; + RETERR(isc_hex_totext(&sr, 1, "", target)); + sr.length = i - j; + } else + RETERR(str_totext("-", target)); + + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +fromwire_nsec3param(ARGS_FROMWIRE) { + isc_region_t sr, rr; + unsigned int saltlen; + + REQUIRE(type == 51); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(options); + UNUSED(dctx); + + isc_buffer_activeregion(source, &sr); + rr = sr; + + /* hash(1), flags(1), iterations(2), saltlen(1) */ + if (sr.length < 5U) + RETERR(DNS_R_FORMERR); + saltlen = sr.base[4]; + isc_region_consume(&sr, 5); + + if (sr.length < saltlen) + RETERR(DNS_R_FORMERR); + isc_region_consume(&sr, saltlen); + RETERR(mem_tobuffer(target, rr.base, rr.length)); + isc_buffer_forward(source, rr.length); + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +towire_nsec3param(ARGS_TOWIRE) { + isc_region_t sr; + + REQUIRE(rdata->type == 51); + REQUIRE(rdata->length != 0); + + UNUSED(cctx); + + dns_rdata_toregion(rdata, &sr); + return (mem_tobuffer(target, sr.base, sr.length)); +} + +static inline int +compare_nsec3param(ARGS_COMPARE) { + isc_region_t r1; + isc_region_t r2; + + REQUIRE(rdata1->type == rdata2->type); + REQUIRE(rdata1->rdclass == rdata2->rdclass); + REQUIRE(rdata1->type == 51); + REQUIRE(rdata1->length != 0); + REQUIRE(rdata2->length != 0); + + dns_rdata_toregion(rdata1, &r1); + dns_rdata_toregion(rdata2, &r2); + return (isc_region_compare(&r1, &r2)); +} + +static inline isc_result_t +fromstruct_nsec3param(ARGS_FROMSTRUCT) { + dns_rdata_nsec3param_t *nsec3param = source; + + REQUIRE(type == 51); + REQUIRE(source != NULL); + REQUIRE(nsec3param->common.rdtype == type); + REQUIRE(nsec3param->common.rdclass == rdclass); + + UNUSED(type); + UNUSED(rdclass); + + RETERR(uint8_tobuffer(nsec3param->hash, target)); + RETERR(uint8_tobuffer(nsec3param->flags, target)); + RETERR(uint16_tobuffer(nsec3param->iterations, target)); + RETERR(uint8_tobuffer(nsec3param->salt_length, target)); + RETERR(mem_tobuffer(target, nsec3param->salt, + nsec3param->salt_length)); + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +tostruct_nsec3param(ARGS_TOSTRUCT) { + isc_region_t region; + dns_rdata_nsec3param_t *nsec3param = target; + + REQUIRE(rdata->type == 51); + REQUIRE(target != NULL); + REQUIRE(rdata->length != 0); + + nsec3param->common.rdclass = rdata->rdclass; + nsec3param->common.rdtype = rdata->type; + ISC_LINK_INIT(&nsec3param->common, link); + + region.base = rdata->data; + region.length = rdata->length; + nsec3param->hash = uint8_consume_fromregion(®ion); + nsec3param->flags = uint8_consume_fromregion(®ion); + nsec3param->iterations = uint16_consume_fromregion(®ion); + + nsec3param->salt_length = uint8_consume_fromregion(®ion); + nsec3param->salt = mem_maybedup(mctx, region.base, + nsec3param->salt_length); + if (nsec3param->salt == NULL) + return (ISC_R_NOMEMORY); + isc_region_consume(®ion, nsec3param->salt_length); + + nsec3param->mctx = mctx; + return (ISC_R_SUCCESS); +} + +static inline void +freestruct_nsec3param(ARGS_FREESTRUCT) { + dns_rdata_nsec3param_t *nsec3param = source; + + REQUIRE(source != NULL); + REQUIRE(nsec3param->common.rdtype == 51); + + if (nsec3param->mctx == NULL) + return; + + if (nsec3param->salt != NULL) + isc_mem_free(nsec3param->mctx, nsec3param->salt); + nsec3param->mctx = NULL; +} + +static inline isc_result_t +additionaldata_nsec3param(ARGS_ADDLDATA) { + REQUIRE(rdata->type == 51); + + UNUSED(rdata); + UNUSED(add); + UNUSED(arg); + + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +digest_nsec3param(ARGS_DIGEST) { + isc_region_t r; + + REQUIRE(rdata->type == 51); + + dns_rdata_toregion(rdata, &r); + return ((digest)(arg, &r)); +} + +static inline isc_boolean_t +checkowner_nsec3param(ARGS_CHECKOWNER) { + + REQUIRE(type == 51); + + UNUSED(name); + UNUSED(type); + UNUSED(rdclass); + UNUSED(wildcard); + + return (ISC_TRUE); +} + +static inline isc_boolean_t +checknames_nsec3param(ARGS_CHECKNAMES) { + + REQUIRE(rdata->type == 51); + + UNUSED(rdata); + UNUSED(owner); + UNUSED(bad); + + return (ISC_TRUE); +} + +static inline int +casecompare_nsec3param(ARGS_COMPARE) { + return (compare_nsec3param(rdata1, rdata2)); +} + +#endif /* RDATA_GENERIC_NSEC3PARAM_51_C */ diff --git a/usr.sbin/bind/lib/dns/rdata/generic/nsec3param_51.h b/usr.sbin/bind/lib/dns/rdata/generic/nsec3param_51.h new file mode 100644 index 00000000000..8204b3a7132 --- /dev/null +++ b/usr.sbin/bind/lib/dns/rdata/generic/nsec3param_51.h @@ -0,0 +1,38 @@ +/* + * Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + + +#ifndef GENERIC_NSEC3PARAM_51_H +#define GENERIC_NSEC3PARAM_51_H 1 + +/* $Id: nsec3param_51.h,v 1.1 2015/02/07 05:50:00 pelikan Exp $ */ + +/*! + * \brief Per RFC 5155 */ + +#include <isc/iterated_hash.h> + +typedef struct dns_rdata_nsec3param { + dns_rdatacommon_t common; + isc_mem_t *mctx; + dns_hash_t hash; + unsigned char flags; /* DNS_NSEC3FLAG_* */ + dns_iterations_t iterations; + unsigned char salt_length; + unsigned char *salt; +} dns_rdata_nsec3param_t; + +#endif /* GENERIC_NSEC3PARAM_51_H */ diff --git a/usr.sbin/bind/lib/dns/rdata/generic/tlsa_52.c b/usr.sbin/bind/lib/dns/rdata/generic/tlsa_52.c new file mode 100644 index 00000000000..7229ea37602 --- /dev/null +++ b/usr.sbin/bind/lib/dns/rdata/generic/tlsa_52.c @@ -0,0 +1,290 @@ +/* + * Copyright (C) 2012, 2014 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: tlsa_52.c,v 1.1 2015/02/07 05:50:00 pelikan Exp $ */ + +/* rfc6698.txt */ + +#ifndef RDATA_GENERIC_TLSA_52_C +#define RDATA_GENERIC_TLSA_52_C + +#define RRTYPE_TLSA_ATTRIBUTES 0 + +static inline isc_result_t +fromtext_tlsa(ARGS_FROMTEXT) { + isc_token_t token; + + REQUIRE(type == 52); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(origin); + UNUSED(options); + UNUSED(callbacks); + + /* + * Certificate Usage. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + ISC_FALSE)); + if (token.value.as_ulong > 0xffU) + RETTOK(ISC_R_RANGE); + RETERR(uint8_tobuffer(token.value.as_ulong, target)); + + /* + * Selector. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + ISC_FALSE)); + if (token.value.as_ulong > 0xffU) + RETTOK(ISC_R_RANGE); + RETERR(uint8_tobuffer(token.value.as_ulong, target)); + + /* + * Matching type. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + ISC_FALSE)); + if (token.value.as_ulong > 0xffU) + RETTOK(ISC_R_RANGE); + RETERR(uint8_tobuffer(token.value.as_ulong, target)); + + /* + * Certificate Association Data. + */ + return (isc_hex_tobuffer(lexer, target, -1)); +} + +static inline isc_result_t +totext_tlsa(ARGS_TOTEXT) { + isc_region_t sr; + char buf[sizeof("64000 ")]; + unsigned int n; + + REQUIRE(rdata->type == 52); + REQUIRE(rdata->length != 0); + + UNUSED(tctx); + + dns_rdata_toregion(rdata, &sr); + + /* + * Certificate Usage. + */ + n = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + snprintf(buf, sizeof buf, "%u ", n); + RETERR(str_totext(buf, target)); + + /* + * Selector. + */ + n = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + snprintf(buf, sizeof buf, "%u ", n); + RETERR(str_totext(buf, target)); + + /* + * Matching type. + */ + n = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + snprintf(buf, sizeof buf, "%u", n); + RETERR(str_totext(buf, target)); + + /* + * Certificate Association Data. + */ + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) + RETERR(str_totext(" (", target)); + RETERR(str_totext(tctx->linebreak, target)); + if (tctx->width == 0) /* No splitting */ + RETERR(isc_hex_totext(&sr, 0, "", target)); + else + RETERR(isc_hex_totext(&sr, tctx->width - 2, + tctx->linebreak, target)); + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) + RETERR(str_totext(" )", target)); + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +fromwire_tlsa(ARGS_FROMWIRE) { + isc_region_t sr; + + REQUIRE(type == 52); + + UNUSED(type); + UNUSED(rdclass); + UNUSED(dctx); + UNUSED(options); + + isc_buffer_activeregion(source, &sr); + + if (sr.length < 3) + return (ISC_R_UNEXPECTEDEND); + + isc_buffer_forward(source, sr.length); + return (mem_tobuffer(target, sr.base, sr.length)); +} + +static inline isc_result_t +towire_tlsa(ARGS_TOWIRE) { + isc_region_t sr; + + REQUIRE(rdata->type == 52); + REQUIRE(rdata->length != 0); + + UNUSED(cctx); + + dns_rdata_toregion(rdata, &sr); + return (mem_tobuffer(target, sr.base, sr.length)); +} + +static inline int +compare_tlsa(ARGS_COMPARE) { + isc_region_t r1; + isc_region_t r2; + + REQUIRE(rdata1->type == rdata2->type); + REQUIRE(rdata1->rdclass == rdata2->rdclass); + REQUIRE(rdata1->type == 52); + REQUIRE(rdata1->length != 0); + REQUIRE(rdata2->length != 0); + + dns_rdata_toregion(rdata1, &r1); + dns_rdata_toregion(rdata2, &r2); + return (isc_region_compare(&r1, &r2)); +} + +static inline isc_result_t +fromstruct_tlsa(ARGS_FROMSTRUCT) { + dns_rdata_tlsa_t *tlsa = source; + + REQUIRE(type == 52); + REQUIRE(source != NULL); + REQUIRE(tlsa->common.rdtype == type); + REQUIRE(tlsa->common.rdclass == rdclass); + + UNUSED(type); + UNUSED(rdclass); + + RETERR(uint8_tobuffer(tlsa->usage, target)); + RETERR(uint8_tobuffer(tlsa->selector, target)); + RETERR(uint8_tobuffer(tlsa->match, target)); + + return (mem_tobuffer(target, tlsa->data, tlsa->length)); +} + +static inline isc_result_t +tostruct_tlsa(ARGS_TOSTRUCT) { + dns_rdata_tlsa_t *tlsa = target; + isc_region_t region; + + REQUIRE(rdata->type == 52); + REQUIRE(target != NULL); + REQUIRE(rdata->length != 0); + + tlsa->common.rdclass = rdata->rdclass; + tlsa->common.rdtype = rdata->type; + ISC_LINK_INIT(&tlsa->common, link); + + dns_rdata_toregion(rdata, ®ion); + + tlsa->usage = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + tlsa->selector = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + tlsa->match = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + tlsa->length = region.length; + + tlsa->data = mem_maybedup(mctx, region.base, region.length); + if (tlsa->data == NULL) + return (ISC_R_NOMEMORY); + + tlsa->mctx = mctx; + return (ISC_R_SUCCESS); +} + +static inline void +freestruct_tlsa(ARGS_FREESTRUCT) { + dns_rdata_tlsa_t *tlsa = source; + + REQUIRE(tlsa != NULL); + REQUIRE(tlsa->common.rdtype == 52); + + if (tlsa->mctx == NULL) + return; + + if (tlsa->data != NULL) + isc_mem_free(tlsa->mctx, tlsa->data); + tlsa->mctx = NULL; +} + +static inline isc_result_t +additionaldata_tlsa(ARGS_ADDLDATA) { + REQUIRE(rdata->type == 52); + + UNUSED(rdata); + UNUSED(add); + UNUSED(arg); + + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +digest_tlsa(ARGS_DIGEST) { + isc_region_t r; + + REQUIRE(rdata->type == 52); + + dns_rdata_toregion(rdata, &r); + + return ((digest)(arg, &r)); +} + +static inline isc_boolean_t +checkowner_tlsa(ARGS_CHECKOWNER) { + + REQUIRE(type == 52); + + UNUSED(name); + UNUSED(type); + UNUSED(rdclass); + UNUSED(wildcard); + + return (ISC_TRUE); +} + +static inline isc_boolean_t +checknames_tlsa(ARGS_CHECKNAMES) { + + REQUIRE(rdata->type == 52); + + UNUSED(rdata); + UNUSED(owner); + UNUSED(bad); + + return (ISC_TRUE); +} + +static inline int +casecompare_tlsa(ARGS_COMPARE) { + return (compare_tlsa(rdata1, rdata2)); +} + +#endif /* RDATA_GENERIC_TLSA_52_C */ diff --git a/usr.sbin/bind/lib/dns/rdata/generic/tlsa_52.h b/usr.sbin/bind/lib/dns/rdata/generic/tlsa_52.h new file mode 100644 index 00000000000..0e29cb0945d --- /dev/null +++ b/usr.sbin/bind/lib/dns/rdata/generic/tlsa_52.h @@ -0,0 +1,35 @@ +/* + * Copyright (C) 2012, 2014 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: tlsa_52.h,v 1.1 2015/02/07 05:50:00 pelikan Exp $ */ + +#ifndef GENERIC_TLSA_52_H +#define GENERIC_TLSA_52_H 1 + +/*! + * \brief per rfc6698.txt + */ +typedef struct dns_rdata_tlsa { + dns_rdatacommon_t common; + isc_mem_t *mctx; + isc_uint8_t usage; + isc_uint8_t selector; + isc_uint8_t match; + isc_uint16_t length; + unsigned char *data; +} dns_rdata_tlsa_t; + +#endif /* GENERIC_TLSA_52_H */ diff --git a/usr.sbin/bind/lib/isc/Makefile.in b/usr.sbin/bind/lib/isc/Makefile.in index 3b93c655561..b375f272653 100644 --- a/usr.sbin/bind/lib/isc/Makefile.in +++ b/usr.sbin/bind/lib/isc/Makefile.in @@ -52,7 +52,7 @@ WIN32OBJS = win32/condition.@O@ win32/dir.@O@ win32/file.@O@ \ # Alphabetically OBJS = @ISC_EXTRA_OBJS@ \ - assertions.@O@ base64.@O@ bitstring.@O@ buffer.@O@ \ + assertions.@O@ base32.@O@ base64.@O@ bitstring.@O@ buffer.@O@ \ bufferlist.@O@ commandline.@O@ error.@O@ event.@O@ \ shuffle.@O@ \ hash.@O@ heap.@O@ hex.@O@ hmacmd5.@O@ hmacsha.@O@\ @@ -66,7 +66,7 @@ OBJS = @ISC_EXTRA_OBJS@ \ # Alphabetically SRCS = @ISC_EXTRA_SRCS@ \ - assertions.c base64.c bitstring.c buffer.c \ + assertions.c base32.c base64.c bitstring.c buffer.c \ bufferlist.c commandline.c error.c event.c \ shuffle.c \ heap.c hex.c hmacmd5.c hmacsha.c \ diff --git a/usr.sbin/bind/lib/isc/base32.c b/usr.sbin/bind/lib/isc/base32.c new file mode 100644 index 00000000000..8abf8124bae --- /dev/null +++ b/usr.sbin/bind/lib/isc/base32.c @@ -0,0 +1,423 @@ +/* + * Copyright (C) 2008, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: base32.c,v 1.1 2015/02/07 05:50:00 pelikan Exp $ */ + +/*! \file */ + +#include <config.h> + +#include <isc/base32.h> +#include <isc/buffer.h> +#include <isc/lex.h> +#include <isc/region.h> +#include <isc/string.h> +#include <isc/util.h> + +#define RETERR(x) do { \ + isc_result_t _r = (x); \ + if (_r != ISC_R_SUCCESS) \ + return (_r); \ + } while (0) + + +/*@{*/ +/*! + * These static functions are also present in lib/dns/rdata.c. I'm not + * sure where they should go. -- bwelling + */ +static isc_result_t +str_totext(const char *source, isc_buffer_t *target); + +static isc_result_t +mem_tobuffer(isc_buffer_t *target, void *base, unsigned int length); + +/*@}*/ + +static const char base32[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567=abcdefghijklmnopqrstuvwxyz234567"; +static const char base32hex[] = + "0123456789ABCDEFGHIJKLMNOPQRSTUV=0123456789abcdefghijklmnopqrstuv"; + +static isc_result_t +base32_totext(isc_region_t *source, int wordlength, const char *wordbreak, + isc_buffer_t *target, const char base[], char pad) +{ + char buf[9]; + unsigned int loops = 0; + + if (wordlength >= 0 && wordlength < 8) + wordlength = 8; + + memset(buf, 0, sizeof(buf)); + while (source->length > 0) { + buf[0] = base[((source->base[0]>>3)&0x1f)]; /* 5 + */ + if (source->length == 1) { + buf[1] = base[(source->base[0]<<2)&0x1c]; + buf[2] = buf[3] = buf[4] = pad; + buf[5] = buf[6] = buf[7] = pad; + RETERR(str_totext(buf, target)); + break; + } + buf[1] = base[((source->base[0]<<2)&0x1c)| /* 3 = 8 */ + ((source->base[1]>>6)&0x03)]; /* 2 + */ + buf[2] = base[((source->base[1]>>1)&0x1f)]; /* 5 + */ + if (source->length == 2) { + buf[3] = base[(source->base[1]<<4)&0x10]; + buf[4] = buf[5] = buf[6] = buf[7] = pad; + RETERR(str_totext(buf, target)); + break; + } + buf[3] = base[((source->base[1]<<4)&0x10)| /* 1 = 8 */ + ((source->base[2]>>4)&0x0f)]; /* 4 + */ + if (source->length == 3) { + buf[4] = base[(source->base[2]<<1)&0x1e]; + buf[5] = buf[6] = buf[7] = pad; + RETERR(str_totext(buf, target)); + break; + } + buf[4] = base[((source->base[2]<<1)&0x1e)| /* 4 = 8 */ + ((source->base[3]>>7)&0x01)]; /* 1 + */ + buf[5] = base[((source->base[3]>>2)&0x1f)]; /* 5 + */ + if (source->length == 4) { + buf[6] = base[(source->base[3]<<3)&0x18]; + buf[7] = pad; + RETERR(str_totext(buf, target)); + break; + } + buf[6] = base[((source->base[3]<<3)&0x18)| /* 2 = 8 */ + ((source->base[4]>>5)&0x07)]; /* 3 + */ + buf[7] = base[source->base[4]&0x1f]; /* 5 = 8 */ + RETERR(str_totext(buf, target)); + isc_region_consume(source, 5); + + loops++; + if (source->length != 0 && wordlength >= 0 && + (int)((loops + 1) * 8) >= wordlength) + { + loops = 0; + RETERR(str_totext(wordbreak, target)); + } + } + if (source->length > 0) + isc_region_consume(source, source->length); + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_base32_totext(isc_region_t *source, int wordlength, + const char *wordbreak, isc_buffer_t *target) +{ + return (base32_totext(source, wordlength, wordbreak, target, + base32, '=')); +} + +isc_result_t +isc_base32hex_totext(isc_region_t *source, int wordlength, + const char *wordbreak, isc_buffer_t *target) +{ + return (base32_totext(source, wordlength, wordbreak, target, + base32hex, '=')); +} + +isc_result_t +isc_base32hexnp_totext(isc_region_t *source, int wordlength, + const char *wordbreak, isc_buffer_t *target) +{ + return (base32_totext(source, wordlength, wordbreak, target, + base32hex, 0)); +} + +/*% + * State of a base32 decoding process in progress. + */ +typedef struct { + int length; /*%< Desired length of binary data or -1 */ + isc_buffer_t *target; /*%< Buffer for resulting binary data */ + int digits; /*%< Number of buffered base32 digits */ + isc_boolean_t seen_end; /*%< True if "=" end marker seen */ + int val[8]; + const char *base; /*%< Which encoding we are using */ + int seen_32; /*%< Number of significant bytes if non zero */ + isc_boolean_t pad; /*%< Expect padding */ +} base32_decode_ctx_t; + +static inline void +base32_decode_init(base32_decode_ctx_t *ctx, int length, const char base[], + isc_boolean_t pad, isc_buffer_t *target) +{ + ctx->digits = 0; + ctx->seen_end = ISC_FALSE; + ctx->seen_32 = 0; + ctx->length = length; + ctx->target = target; + ctx->base = base; + ctx->pad = pad; +} + +static inline isc_result_t +base32_decode_char(base32_decode_ctx_t *ctx, int c) { + char *s; + unsigned int last; + + if (ctx->seen_end) + return (ISC_R_BADBASE32); + if ((s = strchr(ctx->base, c)) == NULL) + return (ISC_R_BADBASE32); + last = (unsigned int)(s - ctx->base); + + /* + * Handle lower case. + */ + if (last > 32) + last -= 33; + + /* + * Check that padding is contiguous. + */ + if (last != 32 && ctx->seen_32 != 0) + return (ISC_R_BADBASE32); + + /* + * If padding is not permitted flag padding as a error. + */ + if (last == 32 && !ctx->pad) + return (ISC_R_BADBASE32); + + /* + * Check that padding starts at the right place and that + * bits that should be zero are. + * Record how many significant bytes in answer (seen_32). + */ + if (last == 32 && ctx->seen_32 == 0) + switch (ctx->digits) { + case 0: + case 1: + return (ISC_R_BADBASE32); + case 2: + if ((ctx->val[1]&0x03) != 0) + return (ISC_R_BADBASE32); + ctx->seen_32 = 1; + break; + case 3: + return (ISC_R_BADBASE32); + case 4: + if ((ctx->val[3]&0x0f) != 0) + return (ISC_R_BADBASE32); + ctx->seen_32 = 3; + break; + case 5: + if ((ctx->val[4]&0x01) != 0) + return (ISC_R_BADBASE32); + ctx->seen_32 = 3; + break; + case 6: + return (ISC_R_BADBASE32); + case 7: + if ((ctx->val[6]&0x07) != 0) + return (ISC_R_BADBASE32); + ctx->seen_32 = 4; + break; + } + + /* + * Zero fill pad values. + */ + ctx->val[ctx->digits++] = (last == 32) ? 0 : last; + + if (ctx->digits == 8) { + int n = 5; + unsigned char buf[5]; + + if (ctx->seen_32 != 0) { + ctx->seen_end = ISC_TRUE; + n = ctx->seen_32; + } + buf[0] = (ctx->val[0]<<3)|(ctx->val[1]>>2); + buf[1] = (ctx->val[1]<<6)|(ctx->val[2]<<1)|(ctx->val[3]>>4); + buf[2] = (ctx->val[3]<<4)|(ctx->val[4]>>1); + buf[3] = (ctx->val[4]<<7)|(ctx->val[5]<<2)|(ctx->val[6]>>3); + buf[4] = (ctx->val[6]<<5)|(ctx->val[7]); + RETERR(mem_tobuffer(ctx->target, buf, n)); + if (ctx->length >= 0) { + if (n > ctx->length) + return (ISC_R_BADBASE32); + else + ctx->length -= n; + } + ctx->digits = 0; + } + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +base32_decode_finish(base32_decode_ctx_t *ctx) { + + if (ctx->length > 0) + return (ISC_R_UNEXPECTEDEND); + /* + * Add missing padding if required. + */ + if (!ctx->pad && ctx->digits != 0) { + ctx->pad = ISC_TRUE; + do { + RETERR(base32_decode_char(ctx, '=')); + } while (ctx->digits != 0); + } + if (ctx->digits != 0) + return (ISC_R_BADBASE32); + return (ISC_R_SUCCESS); +} + +static isc_result_t +base32_tobuffer(isc_lex_t *lexer, const char base[], isc_boolean_t pad, + isc_buffer_t *target, int length) +{ + base32_decode_ctx_t ctx; + isc_textregion_t *tr; + isc_token_t token; + isc_boolean_t eol; + + base32_decode_init(&ctx, length, base, pad, target); + + while (!ctx.seen_end && (ctx.length != 0)) { + unsigned int i; + + if (length > 0) + eol = ISC_FALSE; + else + eol = ISC_TRUE; + RETERR(isc_lex_getmastertoken(lexer, &token, + isc_tokentype_string, eol)); + if (token.type != isc_tokentype_string) + break; + tr = &token.value.as_textregion; + for (i = 0; i < tr->length; i++) + RETERR(base32_decode_char(&ctx, tr->base[i])); + } + if (ctx.length < 0 && !ctx.seen_end) + isc_lex_ungettoken(lexer, &token); + RETERR(base32_decode_finish(&ctx)); + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_base32_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length) { + return (base32_tobuffer(lexer, base32, ISC_TRUE, target, length)); +} + +isc_result_t +isc_base32hex_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length) { + return (base32_tobuffer(lexer, base32hex, ISC_TRUE, target, length)); +} + +isc_result_t +isc_base32hexnp_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length) { + return (base32_tobuffer(lexer, base32hex, ISC_FALSE, target, length)); +} + +static isc_result_t +base32_decodestring(const char *cstr, const char base[], isc_boolean_t pad, + isc_buffer_t *target) +{ + base32_decode_ctx_t ctx; + + base32_decode_init(&ctx, -1, base, pad, target); + for (;;) { + int c = *cstr++; + if (c == '\0') + break; + if (c == ' ' || c == '\t' || c == '\n' || c== '\r') + continue; + RETERR(base32_decode_char(&ctx, c)); + } + RETERR(base32_decode_finish(&ctx)); + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_base32_decodestring(const char *cstr, isc_buffer_t *target) { + return (base32_decodestring(cstr, base32, ISC_TRUE, target)); +} + +isc_result_t +isc_base32hex_decodestring(const char *cstr, isc_buffer_t *target) { + return (base32_decodestring(cstr, base32hex, ISC_TRUE, target)); +} + +isc_result_t +isc_base32hexnp_decodestring(const char *cstr, isc_buffer_t *target) { + return (base32_decodestring(cstr, base32hex, ISC_FALSE, target)); +} + +static isc_result_t +base32_decoderegion(isc_region_t *source, const char base[], + isc_boolean_t pad, isc_buffer_t *target) +{ + base32_decode_ctx_t ctx; + + base32_decode_init(&ctx, -1, base, pad, target); + while (source->length != 0) { + int c = *source->base; + RETERR(base32_decode_char(&ctx, c)); + isc_region_consume(source, 1); + } + RETERR(base32_decode_finish(&ctx)); + return (ISC_R_SUCCESS); +} + +isc_result_t +isc_base32_decoderegion(isc_region_t *source, isc_buffer_t *target) { + return (base32_decoderegion(source, base32, ISC_TRUE, target)); +} + +isc_result_t +isc_base32hex_decoderegion(isc_region_t *source, isc_buffer_t *target) { + return (base32_decoderegion(source, base32hex, ISC_TRUE, target)); +} + +isc_result_t +isc_base32hexnp_decoderegion(isc_region_t *source, isc_buffer_t *target) { + return (base32_decoderegion(source, base32hex, ISC_FALSE, target)); +} + +static isc_result_t +str_totext(const char *source, isc_buffer_t *target) { + unsigned int l; + isc_region_t region; + + isc_buffer_availableregion(target, ®ion); + l = strlen(source); + + if (l > region.length) + return (ISC_R_NOSPACE); + + memmove(region.base, source, l); + isc_buffer_add(target, l); + return (ISC_R_SUCCESS); +} + +static isc_result_t +mem_tobuffer(isc_buffer_t *target, void *base, unsigned int length) { + isc_region_t tr; + + isc_buffer_availableregion(target, &tr); + if (length > tr.length) + return (ISC_R_NOSPACE); + memmove(tr.base, base, length); + isc_buffer_add(target, length); + return (ISC_R_SUCCESS); +} diff --git a/usr.sbin/bind/lib/isc/include/isc/Makefile.in b/usr.sbin/bind/lib/isc/include/isc/Makefile.in index 10e8e916ee7..418fce0d814 100644 --- a/usr.sbin/bind/lib/isc/include/isc/Makefile.in +++ b/usr.sbin/bind/lib/isc/include/isc/Makefile.in @@ -26,11 +26,11 @@ top_srcdir = @top_srcdir@ # machine generated. The latter are handled specially in the # install target below. # -HEADERS = app.h assertions.h base64.h bitstring.h boolean.h buffer.h \ +HEADERS = app.h assertions.h base32.h base64.h bitstring.h boolean.h buffer.h \ bufferlist.h commandline.h entropy.h error.h event.h \ eventclass.h file.h formatcheck.h fsaccess.h \ hash.h heap.h hex.h hmacmd5.h \ - interfaceiter.h @ISC_IPV6_H@ lang.h lcg.h lex.h \ + interfaceiter.h @ISC_IPV6_H@ lang.h lex.h \ lfsr.h lib.h list.h log.h magic.h md5.h mem.h msgcat.h msgs.h \ mutexblock.h netaddr.h ondestroy.h os.h parseint.h \ print.h quota.h random.h ratelimiter.h \ diff --git a/usr.sbin/bind/lib/isc/include/isc/base32.h b/usr.sbin/bind/lib/isc/include/isc/base32.h new file mode 100644 index 00000000000..347b8ed40a0 --- /dev/null +++ b/usr.sbin/bind/lib/isc/include/isc/base32.h @@ -0,0 +1,140 @@ +/* + * Copyright (C) 2008, 2014 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef ISC_BASE32_H +#define ISC_BASE32_H 1 + +/*! \file */ + +/* + * Routines for manipulating base 32 and base 32 hex encoded data. + * Based on RFC 4648. + * + * Base 32 hex preserves the sort order of data when it is encoded / + * decoded. + * + * Base 32 hex "np" is base 32 hex but no padding is produced or accepted. + */ + +#include <isc/lang.h> +#include <isc/types.h> + +ISC_LANG_BEGINDECLS + +/*** + *** Functions + ***/ + +isc_result_t +isc_base32_totext(isc_region_t *source, int wordlength, + const char *wordbreak, isc_buffer_t *target); +isc_result_t +isc_base32hex_totext(isc_region_t *source, int wordlength, + const char *wordbreak, isc_buffer_t *target); +isc_result_t +isc_base32hexnp_totext(isc_region_t *source, int wordlength, + const char *wordbreak, isc_buffer_t *target); +/*!< + * \brief Convert data into base32 encoded text. + * + * Notes: + *\li The base32 encoded text in 'target' will be divided into + * words of at most 'wordlength' characters, separated by + * the 'wordbreak' string. No parentheses will surround + * the text. + * + * Requires: + *\li 'source' is a region containing binary data + *\li 'target' is a text buffer containing available space + *\li 'wordbreak' points to a null-terminated string of + * zero or more whitespace characters + * + * Ensures: + *\li target will contain the base32 encoded version of the data + * in source. The 'used' pointer in target will be advanced as + * necessary. + */ + +isc_result_t +isc_base32_decodestring(const char *cstr, isc_buffer_t *target); +isc_result_t +isc_base32hex_decodestring(const char *cstr, isc_buffer_t *target); +isc_result_t +isc_base32hexnp_decodestring(const char *cstr, isc_buffer_t *target); +/*!< + * \brief Decode a null-terminated string in base32, base32hex, or + * base32hex non-padded. + * + * Requires: + *\li 'cstr' is non-null. + *\li 'target' is a valid buffer. + * + * Returns: + *\li #ISC_R_SUCCESS -- the entire decoded representation of 'cstring' + * fit in 'target'. + *\li #ISC_R_BADBASE32 -- 'cstr' is not a valid base32 encoding. + * + * Other error returns are any possible error code from: + *\li isc_lex_create(), + *\li isc_lex_openbuffer(), + *\li isc_base32_tobuffer(). + */ + +isc_result_t +isc_base32_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length); +isc_result_t +isc_base32hex_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length); +isc_result_t +isc_base32hexnp_tobuffer(isc_lex_t *lexer, isc_buffer_t *target, int length); +/*!< + * \brief Convert text encoded in base32, base32hex, or base32hex + * non-padded from a lexer context into data. + * + * Requires: + *\li 'lex' is a valid lexer context + *\li 'target' is a buffer containing binary data + *\li 'length' is an integer + * + * Ensures: + *\li target will contain the data represented by the base32 encoded + * string parsed by the lexer. No more than length bytes will be read, + * if length is positive. The 'used' pointer in target will be + * advanced as necessary. + */ + +isc_result_t +isc_base32_decoderegion(isc_region_t *source, isc_buffer_t *target); +isc_result_t +isc_base32hex_decoderegion(isc_region_t *source, isc_buffer_t *target); +isc_result_t +isc_base32hexnp_decoderegion(isc_region_t *source, isc_buffer_t *target); +/*!< + * \brief Decode a packed (no white space permitted) region in + * base32, base32hex or base32hex non-padded. + * + * Requires: + *\li 'source' is a valid region. + *\li 'target' is a valid buffer. + * + * Returns: + *\li #ISC_R_SUCCESS -- the entire decoded representation of 'cstring' + * fit in 'target'. + *\li #ISC_R_BADBASE32 -- 'source' is not a valid base32 encoding. + */ + +ISC_LANG_ENDDECLS + +#endif /* ISC_BASE32_H */ diff --git a/usr.sbin/bind/lib/isc/include/isc/iterated_hash.h b/usr.sbin/bind/lib/isc/include/isc/iterated_hash.h new file mode 100644 index 00000000000..9f8484df161 --- /dev/null +++ b/usr.sbin/bind/lib/isc/include/isc/iterated_hash.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2008, 2014 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: iterated_hash.h,v 1.1 2015/02/07 05:50:00 pelikan Exp $ */ + +#ifndef ISC_ITERATED_HASH_H +#define ISC_ITERATED_HASH_H 1 + +#include <isc/lang.h> +#include <isc/sha1.h> + +/* + * The maximal hash length that can be encoded in a name + * using base32hex. floor(255/8)*5 + */ +#define NSEC3_MAX_HASH_LENGTH 155 + +/* + * The maximum has that can be encoded in a single label using + * base32hex. floor(63/8)*5 + */ +#define NSEC3_MAX_LABEL_HASH 35 + +ISC_LANG_BEGINDECLS + +int isc_iterated_hash(unsigned char out[NSEC3_MAX_HASH_LENGTH], + unsigned int hashalg, int iterations, + const unsigned char *salt, int saltlength, + const unsigned char *in, int inlength); + + +ISC_LANG_ENDDECLS + +#endif /* ISC_ITERATED_HASH_H */ diff --git a/usr.sbin/bind/lib/isc/include/isc/result.h b/usr.sbin/bind/lib/isc/include/isc/result.h index 01dbe3139c1..2e4fbaffc6c 100644 --- a/usr.sbin/bind/lib/isc/include/isc/result.h +++ b/usr.sbin/bind/lib/isc/include/isc/result.h @@ -1,21 +1,21 @@ /* - * Copyright (C) 1998-2002 Internet Software Consortium. + * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1998-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: result.h,v 1.57.2.2 2002/03/26 00:55:09 marka Exp $ */ +/* $ISC: result.h,v 1.62.18.4 2005/06/22 22:05:49 marka Exp $ */ #ifndef ISC_RESULT_H #define ISC_RESULT_H 1 @@ -23,74 +23,76 @@ #include <isc/lang.h> #include <isc/types.h> -#define ISC_R_SUCCESS 0 /* success */ -#define ISC_R_NOMEMORY 1 /* out of memory */ -#define ISC_R_TIMEDOUT 2 /* timed out */ -#define ISC_R_NOTHREADS 3 /* no available threads */ -#define ISC_R_ADDRNOTAVAIL 4 /* address not available */ -#define ISC_R_ADDRINUSE 5 /* address in use */ -#define ISC_R_NOPERM 6 /* permission denied */ -#define ISC_R_NOCONN 7 /* no pending connections */ -#define ISC_R_NETUNREACH 8 /* network unreachable */ -#define ISC_R_HOSTUNREACH 9 /* host unreachable */ -#define ISC_R_NETDOWN 10 /* network down */ -#define ISC_R_HOSTDOWN 11 /* host down */ -#define ISC_R_CONNREFUSED 12 /* connection refused */ -#define ISC_R_NORESOURCES 13 /* not enough free resources */ -#define ISC_R_EOF 14 /* end of file */ -#define ISC_R_BOUND 15 /* socket already bound */ -#define ISC_R_RELOAD 16 /* reload */ -#define ISC_R_LOCKBUSY 17 /* lock busy */ -#define ISC_R_EXISTS 18 /* already exists */ -#define ISC_R_NOSPACE 19 /* ran out of space */ -#define ISC_R_CANCELED 20 /* operation canceled */ -#define ISC_R_NOTBOUND 21 /* socket is not bound */ -#define ISC_R_SHUTTINGDOWN 22 /* shutting down */ -#define ISC_R_NOTFOUND 23 /* not found */ -#define ISC_R_UNEXPECTEDEND 24 /* unexpected end of input */ -#define ISC_R_FAILURE 25 /* generic failure */ -#define ISC_R_IOERROR 26 /* I/O error */ -#define ISC_R_NOTIMPLEMENTED 27 /* not implemented */ -#define ISC_R_UNBALANCED 28 /* unbalanced parentheses */ -#define ISC_R_NOMORE 29 /* no more */ -#define ISC_R_INVALIDFILE 30 /* invalid file */ -#define ISC_R_BADBASE64 31 /* bad base64 encoding */ -#define ISC_R_UNEXPECTEDTOKEN 32 /* unexpected token */ -#define ISC_R_QUOTA 33 /* quota reached */ -#define ISC_R_UNEXPECTED 34 /* unexpected error */ -#define ISC_R_ALREADYRUNNING 35 /* already running */ -#define ISC_R_IGNORE 36 /* ignore */ -#define ISC_R_MASKNONCONTIG 37 /* addr mask not contiguous */ -#define ISC_R_FILENOTFOUND 38 /* file not found */ -#define ISC_R_FILEEXISTS 39 /* file already exists */ -#define ISC_R_NOTCONNECTED 40 /* socket is not connected */ -#define ISC_R_RANGE 41 /* out of range */ -#define ISC_R_NOENTROPY 42 /* out of entropy */ -#define ISC_R_MULTICAST 43 /* invalid use of multicast */ -#define ISC_R_NOTFILE 44 /* not a file */ -#define ISC_R_NOTDIRECTORY 45 /* not a directory */ -#define ISC_R_QUEUEFULL 46 /* queue is full */ -#define ISC_R_FAMILYMISMATCH 47 /* address family mismatch */ -#define ISC_R_FAMILYNOSUPPORT 48 /* AF not supported */ -#define ISC_R_BADHEX 49 /* bad hex encoding */ -#define ISC_R_TOOMANYOPENFILES 50 /* too many open files */ -#define ISC_R_NOTBLOCKING 51 /* not blocking */ -#define ISC_R_UNBALANCEDQUOTES 52 /* unbalanced quotes */ -#define ISC_R_INPROGRESS 53 /* operation in progress */ -#define ISC_R_CONNECTIONRESET 54 /* connection reset */ -#define ISC_R_SOFTQUOTA 55 /* soft quota reached */ -#define ISC_R_BADNUMBER 56 /* not a valid number */ +#define ISC_R_SUCCESS 0 /*%< success */ +#define ISC_R_NOMEMORY 1 /*%< out of memory */ +#define ISC_R_TIMEDOUT 2 /*%< timed out */ +#define ISC_R_NOTHREADS 3 /*%< no available threads */ +#define ISC_R_ADDRNOTAVAIL 4 /*%< address not available */ +#define ISC_R_ADDRINUSE 5 /*%< address in use */ +#define ISC_R_NOPERM 6 /*%< permission denied */ +#define ISC_R_NOCONN 7 /*%< no pending connections */ +#define ISC_R_NETUNREACH 8 /*%< network unreachable */ +#define ISC_R_HOSTUNREACH 9 /*%< host unreachable */ +#define ISC_R_NETDOWN 10 /*%< network down */ +#define ISC_R_HOSTDOWN 11 /*%< host down */ +#define ISC_R_CONNREFUSED 12 /*%< connection refused */ +#define ISC_R_NORESOURCES 13 /*%< not enough free resources */ +#define ISC_R_EOF 14 /*%< end of file */ +#define ISC_R_BOUND 15 /*%< socket already bound */ +#define ISC_R_RELOAD 16 /*%< reload */ +#define ISC_R_LOCKBUSY 17 /*%< lock busy */ +#define ISC_R_EXISTS 18 /*%< already exists */ +#define ISC_R_NOSPACE 19 /*%< ran out of space */ +#define ISC_R_CANCELED 20 /*%< operation canceled */ +#define ISC_R_NOTBOUND 21 /*%< socket is not bound */ +#define ISC_R_SHUTTINGDOWN 22 /*%< shutting down */ +#define ISC_R_NOTFOUND 23 /*%< not found */ +#define ISC_R_UNEXPECTEDEND 24 /*%< unexpected end of input */ +#define ISC_R_FAILURE 25 /*%< generic failure */ +#define ISC_R_IOERROR 26 /*%< I/O error */ +#define ISC_R_NOTIMPLEMENTED 27 /*%< not implemented */ +#define ISC_R_UNBALANCED 28 /*%< unbalanced parentheses */ +#define ISC_R_NOMORE 29 /*%< no more */ +#define ISC_R_INVALIDFILE 30 /*%< invalid file */ +#define ISC_R_BADBASE64 31 /*%< bad base64 encoding */ +#define ISC_R_UNEXPECTEDTOKEN 32 /*%< unexpected token */ +#define ISC_R_QUOTA 33 /*%< quota reached */ +#define ISC_R_UNEXPECTED 34 /*%< unexpected error */ +#define ISC_R_ALREADYRUNNING 35 /*%< already running */ +#define ISC_R_IGNORE 36 /*%< ignore */ +#define ISC_R_MASKNONCONTIG 37 /*%< addr mask not contiguous */ +#define ISC_R_FILENOTFOUND 38 /*%< file not found */ +#define ISC_R_FILEEXISTS 39 /*%< file already exists */ +#define ISC_R_NOTCONNECTED 40 /*%< socket is not connected */ +#define ISC_R_RANGE 41 /*%< out of range */ +#define ISC_R_NOENTROPY 42 /*%< out of entropy */ +#define ISC_R_MULTICAST 43 /*%< invalid use of multicast */ +#define ISC_R_NOTFILE 44 /*%< not a file */ +#define ISC_R_NOTDIRECTORY 45 /*%< not a directory */ +#define ISC_R_QUEUEFULL 46 /*%< queue is full */ +#define ISC_R_FAMILYMISMATCH 47 /*%< address family mismatch */ +#define ISC_R_FAMILYNOSUPPORT 48 /*%< AF not supported */ +#define ISC_R_BADHEX 49 /*%< bad hex encoding */ +#define ISC_R_TOOMANYOPENFILES 50 /*%< too many open files */ +#define ISC_R_NOTBLOCKING 51 /*%< not blocking */ +#define ISC_R_UNBALANCEDQUOTES 52 /*%< unbalanced quotes */ +#define ISC_R_INPROGRESS 53 /*%< operation in progress */ +#define ISC_R_CONNECTIONRESET 54 /*%< connection reset */ +#define ISC_R_SOFTQUOTA 55 /*%< soft quota reached */ +#define ISC_R_BADNUMBER 56 /*%< not a valid number */ +#define ISC_R_DISABLED 57 /*%< disabled */ +#define ISC_R_MAXSIZE 58 /*%< max size */ +#define ISC_R_BADADDRESSFORM 59 /*%< invalid address format */ +#define ISC_R_BADBASE32 60 /*%< bad base32 encoding */ -/* - * Not a result code: the number of results. - */ -#define ISC_R_NRESULTS 57 +/*% Not a result code: the number of results. */ +#define ISC_R_NRESULTS 61 ISC_LANG_BEGINDECLS const char * isc_result_totext(isc_result_t); -/* +/*%< * Convert an isc_result_t into a string message describing the result. */ |