diff options
| author | Jakob Schlyter <jakob@cvs.openbsd.org> | 2003-11-18 14:14:09 +0000 |
|---|---|---|
| committer | Jakob Schlyter <jakob@cvs.openbsd.org> | 2003-11-18 14:14:09 +0000 |
| commit | a3684c7a7fae3c0a0ad3d9641d29affc2b8aed03 (patch) | |
| tree | bd1bf1ed050890b02d624a1468c39c2822f5ce45 /usr.sbin/bind/lib/dns | |
| parent | 2177e8980dbcbd0b8006b290bb9de8e8565df3ba (diff) | |
update to BIND v9.2.3. ok todd@
Diffstat (limited to 'usr.sbin/bind/lib/dns')
61 files changed, 1175 insertions, 477 deletions
diff --git a/usr.sbin/bind/lib/dns/Makefile.in b/usr.sbin/bind/lib/dns/Makefile.in index 125df367fd5..f3899929673 100644 --- a/usr.sbin/bind/lib/dns/Makefile.in +++ b/usr.sbin/bind/lib/dns/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 1998-2001 Internet Software Consortium. +# Copyright (C) 1998-2001, 2003 Internet Software Consortium. # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -13,7 +13,7 @@ # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# $ISC: Makefile.in,v 1.126.2.1 2001/11/15 01:24:06 marka Exp $ +# $ISC: Makefile.in,v 1.126.2.4 2003/10/09 06:47:59 marka Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -30,17 +30,21 @@ CINCLUDES = -I. ${DNS_INCLUDES} ${ISC_INCLUDES} CDEFINES = CWARNINGS = +ISCLIBS = ../../lib/isc/libisc.@A@ + +ISCDEPLIBS = ../../lib/isc/libisc.@A@ + LIBS = @LIBS@ # Alphabetically -DSTOBJS = sec/dst/dst_api.@O@ \ - sec/dst/dst_lib.@O@ sec/dst/dst_parse.@O@ \ - sec/dst/dst_result.@O@ sec/dst/gssapi_link.@O@ \ - sec/dst/gssapictx.@O@ sec/dst/hmac_link.@O@ \ - sec/dst/key.@O@ sec/dst/openssl_link.@O@ \ - sec/dst/openssldh_link.@O@ sec/dst/openssldsa_link.@O@ \ - sec/dst/opensslrsa_link.@O@ +DSTOBJS = sec/dst/dst_api.@O@ sec/dst/dst_lib.@O@ sec/dst/dst_parse.@O@ \ + sec/dst/dst_result.@O@ sec/dst/hmac_link.@O@ sec/dst/key.@O@ + +OPENSSLOBJS = sec/dst/openssl_link.@O@ sec/dst/openssldh_link.@O@ \ + sec/dst/openssldsa_link.@O@ sec/dst/opensslrsa_link.@O@ + +GSSAPIOBJS = sec/dst/gssapi_link.@O@ sec/dst/gssapictx.@O@ # Alphabetically OBJS = a6.@O@ acl.@O@ adb.@O@ byaddr.@O@ \ @@ -56,7 +60,7 @@ OBJS = a6.@O@ acl.@O@ adb.@O@ byaddr.@O@ \ stats.@O@ tcpmsg.@O@ time.@O@ timer.@O@ tkey.@O@ \ tsig.@O@ ttl.@O@ validator.@O@ \ version.@O@ view.@O@ xfrin.@O@ zone.@O@ zonekey.@O@ zt.@O@ \ - ${OTHEROBJS} ${DSTOBJS} + ${OTHEROBJS} ${DSTOBJS} ${OPENSSLOBJS} ${GSSAPIOBJS} # Alphabetically SRCS = a6.c acl.c adb.c byaddr.c \ @@ -98,7 +102,27 @@ libdns.la: ${OBJS} ${LIBTOOL} --mode=link \ ${CC} ${ALL_CFLAGS} -o libdns.la -rpath ${libdir} \ -version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \ - ${OBJS} ${LIBS} + ${OBJS} ${LIBS} ${ISCLIBS} + +libdstcypto.@SA@: ${OPENSSLOBJS} + ${AR} ${ARFLAGS} $@ ${OPENSSLOBJS} + ${RANLIB} $@ + +libdstcypto.la: ${OPENSSLOBJS} + ${LIBTOOL} --mode=link \ + ${CC} ${ALL_CFLAGS} -o $@ -rpath ${libdir} \ + -version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \ + ${OPENSSLOBJS} ${LIBS} + +libdstgssapi.@SA@: ${GSSAPIOBJS} + ${AR} ${ARFLAGS} $@ ${GSSAPIOBJS} + ${RANLIB} $@ + +libdstgssapi.la: ${GSSAPIOBJS} + ${LIBTOOL} --mode=link \ + ${CC} ${ALL_CFLAGS} -o $@ -rpath ${libdir} \ + -version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \ + ${GSSAPIOBJS} ${LIBS} timestamp: libdns.@A@ touch timestamp diff --git a/usr.sbin/bind/lib/dns/adb.c b/usr.sbin/bind/lib/dns/adb.c index 72f54871c67..fdf56543a0f 100644 --- a/usr.sbin/bind/lib/dns/adb.c +++ b/usr.sbin/bind/lib/dns/adb.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: adb.c,v 1.181.2.4.4.2 2003/02/17 07:05:07 marka Exp $ */ +/* $ISC: adb.c,v 1.181.2.14 2003/10/10 00:30:14 marka Exp $ */ /* * Implementation notes @@ -87,6 +87,7 @@ */ #define ADB_CACHE_MINIMUM 10 /* seconds */ #define ADB_CACHE_MAXIMUM 86400 /* seconds (86400 = 24 hours) */ +#define ADB_ENTRY_WINDOW 1800 /* seconds */ /* * Wake up every CLEAN_SECONDS and clean CLEAN_BUCKETS buckets, so that all @@ -341,7 +342,7 @@ static isc_result_t dbfind_a6(dns_adbname_t *, isc_stdtime_t); #define NAME_IS_DEAD 0x40000000 #define NAME_HINT_OK DNS_ADBFIND_HINTOK #define NAME_GLUE_OK DNS_ADBFIND_GLUEOK -#define NAME_STARTATROOT DNS_ADBFIND_STARTATROOT +#define NAME_STARTATZONE DNS_ADBFIND_STARTATZONE #define NAME_DEAD(n) (((n)->flags & NAME_IS_DEAD) != 0) #define NAME_NEEDSPOKE(n) (((n)->flags & NAME_NEEDS_POKE) != 0) #define NAME_GLUEOK(n) (((n)->flags & NAME_GLUE_OK) != 0) @@ -382,7 +383,7 @@ static isc_result_t dbfind_a6(dns_adbname_t *, isc_stdtime_t); #define FIND_WANTEMPTYEVENT(fn) (((fn)->options & DNS_ADBFIND_EMPTYEVENT) != 0) #define FIND_AVOIDFETCHES(fn) (((fn)->options & DNS_ADBFIND_AVOIDFETCHES) \ != 0) -#define FIND_STARTATROOT(fn) (((fn)->options & DNS_ADBFIND_STARTATROOT) \ +#define FIND_STARTATZONE(fn) (((fn)->options & DNS_ADBFIND_STARTATZONE) \ != 0) #define FIND_HINTOK(fn) (((fn)->options & DNS_ADBFIND_HINTOK) != 0) #define FIND_GLUEOK(fn) (((fn)->options & DNS_ADBFIND_GLUEOK) != 0) @@ -406,8 +407,8 @@ static isc_result_t dbfind_a6(dns_adbname_t *, isc_stdtime_t); #define GLUE_OK(nf, o) (!NAME_GLUEOK(nf) || (((o) & DNS_ADBFIND_GLUEOK) != 0)) #define HINT_OK(nf, o) (!NAME_HINTOK(nf) || (((o) & DNS_ADBFIND_HINTOK) != 0)) #define GLUEHINT_OK(nf, o) (GLUE_OK(nf, o) || HINT_OK(nf, o)) -#define STARTATROOT_MATCHES(nf, o) (((nf)->flags & NAME_STARTATROOT) == \ - ((o) & DNS_ADBFIND_STARTATROOT)) +#define STARTATZONE_MATCHES(nf, o) (((nf)->flags & NAME_STARTATZONE) == \ + ((o) & DNS_ADBFIND_STARTATZONE)) #define ENTER_LEVEL 50 #define EXIT_LEVEL ENTER_LEVEL @@ -496,6 +497,7 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset, isc_result_t result; dns_adb_t *adb; dns_adbnamehook_t *nh; + dns_adbnamehook_t *anh; dns_rdata_t rdata = DNS_RDATA_INIT; struct in_addr ina; struct in6_addr in6a; @@ -561,17 +563,26 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset, link_entry(adb, addr_bucket, entry); } else { - foundentry->refcnt++; - nh->entry = foundentry; + for (anh = ISC_LIST_HEAD(adbname->v4); + anh != NULL; + anh = ISC_LIST_NEXT(anh, plink)) + if (anh->entry == foundentry) + break; + if (anh == NULL) { + foundentry->refcnt++; + nh->entry = foundentry; + } else + free_adbnamehook(adb, &nh); } new_addresses_added = ISC_TRUE; - if (rdtype == dns_rdatatype_a) - ISC_LIST_APPEND(adbname->v4, nh, plink); - else - ISC_LIST_APPEND(adbname->v6, nh, plink); + if (nh != NULL) { + if (rdtype == dns_rdatatype_a) + ISC_LIST_APPEND(adbname->v4, nh, plink); + else + ISC_LIST_APPEND(adbname->v6, nh, plink); + } nh = NULL; - result = dns_rdataset_next(rdataset); } @@ -582,7 +593,11 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset, if (addr_bucket != DNS_ADB_INVALIDBUCKET) UNLOCK(&adb->entrylocks[addr_bucket]); - rdataset->ttl = ttlclamp(rdataset->ttl); + if (rdataset->trust == dns_trust_glue || + rdataset->trust == dns_trust_additional) + rdataset->ttl = ADB_CACHE_MINIMUM; + else + rdataset->ttl = ttlclamp(rdataset->ttl); if (rdtype == dns_rdatatype_a) { DP(NCACHE_LEVEL, "expire_v4 set to MIN(%u,%u) import_rdataset", @@ -749,6 +764,7 @@ check_expire_namehooks(dns_adbname_t *name, isc_stdtime_t now) { name->partial_result &= ~DNS_ADBFIND_INET; } name->expire_v4 = INT_MAX; + name->fetch_err = FIND_ERR_UNEXPECTED; } /* @@ -761,6 +777,7 @@ check_expire_namehooks(dns_adbname_t *name, isc_stdtime_t now) { name->partial_result &= ~DNS_ADBFIND_INET6; } name->expire_v6 = INT_MAX; + name->fetch6_err = FIND_ERR_UNEXPECTED; } /* @@ -1775,7 +1792,7 @@ find_name_and_lock(dns_adb_t *adb, dns_name_t *name, dns_adbname_t *adbname; int bucket; - bucket = dns_name_hash(name, ISC_FALSE) % NBUCKETS; + bucket = dns_fullname_hash(name, ISC_FALSE) % NBUCKETS; if (*bucketp == DNS_ADB_INVALIDBUCKET) { LOCK(&adb->namelocks[bucket]); @@ -1791,7 +1808,7 @@ find_name_and_lock(dns_adb_t *adb, dns_name_t *name, if (!NAME_DEAD(adbname)) { if (dns_name_equal(name, &adbname->name) && GLUEHINT_OK(adbname, options) - && STARTATROOT_MATCHES(adbname, options)) + && STARTATZONE_MATCHES(adbname, options)) return (adbname); } adbname = ISC_LIST_NEXT(adbname, plink); @@ -2107,10 +2124,10 @@ timer_cleanup(isc_task_t *task, isc_event_t *ev) { /* * Call our cleanup routines. */ - INSIST(cleanup_names(adb, adb->next_cleanbucket, now) == - ISC_FALSE); - INSIST(cleanup_entries(adb, adb->next_cleanbucket, now) == - ISC_FALSE); + RUNTIME_CHECK(cleanup_names(adb, adb->next_cleanbucket, now) == + ISC_FALSE); + RUNTIME_CHECK(cleanup_entries(adb, adb->next_cleanbucket, now) + == ISC_FALSE); /* * Set the next bucket to be cleaned. @@ -2452,7 +2469,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, dns_adbfind_t *find; dns_adbname_t *adbname; int bucket; - isc_boolean_t want_event, start_at_root, alias, have_address; + isc_boolean_t want_event, start_at_zone, alias, have_address; isc_result_t result; unsigned int wanted_addresses; unsigned int wanted_fetches; @@ -2474,7 +2491,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, wanted_fetches = 0; query_pending = 0; want_event = ISC_FALSE; - start_at_root = ISC_FALSE; + start_at_zone = ISC_FALSE; alias = ISC_FALSE; if (now == 0) @@ -2524,7 +2541,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, if (adb->name_sd[bucket]) { DP(DEF_LEVEL, "dns_adb_createfind: returning ISC_R_SHUTTINGDOWN"); - INSIST(free_adbfind(adb, &find) == ISC_FALSE); + RUNTIME_CHECK(free_adbfind(adb, &find) == ISC_FALSE); result = ISC_R_SHUTTINGDOWN; goto out; } @@ -2535,7 +2552,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, if (adbname == NULL) { adbname = new_adbname(adb, name); if (adbname == NULL) { - INSIST(free_adbfind(adb, &find) == ISC_FALSE); + RUNTIME_CHECK(free_adbfind(adb, &find) == ISC_FALSE); result = ISC_R_NOMEMORY; goto out; } @@ -2544,14 +2561,14 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, adbname->flags |= NAME_HINT_OK; if (FIND_GLUEOK(find)) adbname->flags |= NAME_GLUE_OK; - if (FIND_STARTATROOT(find)) - adbname->flags |= NAME_STARTATROOT; + if (FIND_STARTATZONE(find)) + adbname->flags |= NAME_STARTATZONE; } /* * Expire old entries, etc. */ - INSIST(check_expire_namehooks(adbname, now) == ISC_FALSE); + RUNTIME_CHECK(check_expire_namehooks(adbname, now) == ISC_FALSE); /* * Do we know that the name is an alias? @@ -2572,8 +2589,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, * start fetches. First try looking for an A record * in the database. */ - if (!NAME_HAS_V4(adbname) && !NAME_FETCH_V4(adbname) - && EXPIRE_OK(adbname->expire_v4, now) + if (!NAME_HAS_V4(adbname) && EXPIRE_OK(adbname->expire_v4, now) && WANT_INET(wanted_addresses)) { result = dbfind_name(adbname, now, dns_rdatatype_a); if (result == ISC_R_SUCCESS) { @@ -2608,12 +2624,12 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, else if (NXRRSET_RESULT(result)) goto v6; - wanted_fetches |= DNS_ADBFIND_INET; + if (!NAME_FETCH_V4(adbname)) + wanted_fetches |= DNS_ADBFIND_INET; } v6: - if (!NAME_HAS_V6(adbname) && !NAME_FETCH_V6(adbname) - && EXPIRE_OK(adbname->expire_v6, now) + if (!NAME_HAS_V6(adbname) && EXPIRE_OK(adbname->expire_v6, now) && WANT_INET6(wanted_addresses)) { result = dbfind_a6(adbname, now); if (result == ISC_R_SUCCESS) { @@ -2669,7 +2685,8 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, if (NCACHE_RESULT(result) || AUTH_NX(result)) goto fetch; - wanted_fetches |= DNS_ADBFIND_INET6; + if (!NAME_FETCH_V6(adbname)) + wanted_fetches |= DNS_ADBFIND_INET6; } fetch: @@ -2687,14 +2704,14 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, * be acceptable so we have to launch fetches. */ - if (FIND_STARTATROOT(find)) - start_at_root = ISC_TRUE; + if (FIND_STARTATZONE(find)) + start_at_zone = ISC_TRUE; /* * Start V4. */ if (WANT_INET(wanted_fetches) && - fetch_name_v4(adbname, start_at_root) == ISC_R_SUCCESS) { + fetch_name_v4(adbname, start_at_zone) == ISC_R_SUCCESS) { DP(DEF_LEVEL, "dns_adb_createfind: started A fetch for name %p", adbname); @@ -2704,7 +2721,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, * Start V6. */ if (WANT_INET6(wanted_fetches) && - fetch_name_a6(adbname, start_at_root) == ISC_R_SUCCESS) { + fetch_name_a6(adbname, start_at_zone) == ISC_R_SUCCESS) { DP(DEF_LEVEL, "dns_adb_createfind: started A6 fetch for name %p", adbname); @@ -2834,7 +2851,8 @@ dns_adb_destroyfind(dns_adbfind_t **findp) { entry = ai->entry; ai->entry = NULL; INSIST(DNS_ADBENTRY_VALID(entry)); - INSIST(dec_entry_refcnt(adb, entry, ISC_TRUE) == ISC_FALSE); + RUNTIME_CHECK(dec_entry_refcnt(adb, entry, ISC_TRUE) == + ISC_FALSE); free_adbaddrinfo(adb, &ai); ai = ISC_LIST_HEAD(find->list); } @@ -3285,7 +3303,6 @@ dbfind_a6(dns_adbname_t *adbname, isc_stdtime_t now) { INSIST(DNS_ADBNAME_VALID(adbname)); adb = adbname->adb; INSIST(DNS_ADB_VALID(adb)); - INSIST(!NAME_FETCH_V6(adbname)); result = ISC_R_UNEXPECTED; @@ -3731,10 +3748,11 @@ fetch_callback_a6(isc_task_t *task, isc_event_t *ev) { } static isc_result_t -fetch_name_v4(dns_adbname_t *adbname, isc_boolean_t start_at_root) { +fetch_name_v4(dns_adbname_t *adbname, isc_boolean_t start_at_zone) { isc_result_t result; dns_adbfetch_t *fetch = NULL; dns_adb_t *adb; + dns_fixedname_t fixed; dns_name_t *name; dns_rdataset_t rdataset; dns_rdataset_t *nameservers; @@ -3753,12 +3771,14 @@ fetch_name_v4(dns_adbname_t *adbname, isc_boolean_t start_at_root) { dns_rdataset_init(&rdataset); options = 0; - if (start_at_root) { - DP(50, "fetch_name_v4: starting at DNS root for name %p", + if (start_at_zone) { + DP(50, "fetch_name_v4: starting at zone for name %p", adbname); - name = dns_rootname; - result = dns_view_simplefind(adb->view, name, dns_rdatatype_ns, - 0, 0, ISC_TRUE, &rdataset, NULL); + dns_fixedname_init(&fixed); + name = dns_fixedname_name(&fixed); + result = dns_view_findzonecut2(adb->view, &adbname->name, name, + 0, 0, ISC_TRUE, ISC_FALSE, + &rdataset, NULL); if (result != ISC_R_SUCCESS && result != DNS_R_HINT) goto cleanup; nameservers = &rdataset; @@ -3833,10 +3853,11 @@ fetch_name_aaaa(dns_adbname_t *adbname) { } static isc_result_t -fetch_name_a6(dns_adbname_t *adbname, isc_boolean_t start_at_root) { +fetch_name_a6(dns_adbname_t *adbname, isc_boolean_t start_at_zone) { isc_result_t result; dns_adbfetch6_t *fetch = NULL; dns_adb_t *adb; + dns_fixedname_t fixed; dns_name_t *name; dns_rdataset_t rdataset; dns_rdataset_t *nameservers; @@ -3855,12 +3876,14 @@ fetch_name_a6(dns_adbname_t *adbname, isc_boolean_t start_at_root) { dns_rdataset_init(&rdataset); options = 0; - if (start_at_root) { - DP(50, "fetch_name_a6: starting at DNS root for name %p", + if (start_at_zone) { + DP(50, "fetch_name_a6: starting at zone for name %p", adbname); - name = dns_rootname; - result = dns_view_simplefind(adb->view, name, dns_rdatatype_ns, - 0, 0, ISC_TRUE, &rdataset, NULL); + dns_fixedname_init(&fixed); + name = dns_fixedname_name(&fixed); + result = dns_view_findzonecut2(adb->view, &adbname->name, name, + 0, 0, ISC_TRUE, ISC_FALSE, + &rdataset, NULL); if (result != ISC_R_SUCCESS && result != DNS_R_HINT) goto cleanup; nameservers = &rdataset; @@ -3930,6 +3953,7 @@ dns_adb_adjustsrtt(dns_adb_t *adb, dns_adbaddrinfo_t *addr, { int bucket; unsigned int new_srtt; + isc_stdtime_t now; REQUIRE(DNS_ADB_VALID(adb)); REQUIRE(DNS_ADBADDRINFO_VALID(addr)); @@ -3947,6 +3971,9 @@ dns_adb_adjustsrtt(dns_adb_t *adb, dns_adbaddrinfo_t *addr, addr->entry->srtt = new_srtt; addr->srtt = new_srtt; + isc_stdtime_get(&now); + addr->entry->expires = now + ADB_ENTRY_WINDOW; + UNLOCK(&adb->entrylocks[bucket]); } @@ -4044,7 +4071,7 @@ dns_adb_freeaddrinfo(dns_adb_t *adb, dns_adbaddrinfo_t **addrp) { bucket = addr->entry->lock_bucket; LOCK(&adb->entrylocks[bucket]); - entry->expires = now + 1800; /* XXXRTH */ + entry->expires = now + ADB_ENTRY_WINDOW; want_check_exit = dec_entry_refcnt(adb, entry, ISC_FALSE); @@ -4072,8 +4099,8 @@ dns_adb_flush(dns_adb_t *adb) { /* * Call our cleanup routines. */ - INSIST(cleanup_names(adb, i, INT_MAX) == ISC_FALSE); - INSIST(cleanup_entries(adb, i, INT_MAX) == ISC_FALSE); + RUNTIME_CHECK(cleanup_names(adb, i, INT_MAX) == ISC_FALSE); + RUNTIME_CHECK(cleanup_entries(adb, i, INT_MAX) == ISC_FALSE); } #ifdef DUMP_ADB_AFTER_CLEANING diff --git a/usr.sbin/bind/lib/dns/api b/usr.sbin/bind/lib/dns/api index 7bd467bdc97..d9681e57374 100644 --- a/usr.sbin/bind/lib/dns/api +++ b/usr.sbin/bind/lib/dns/api @@ -1,3 +1,3 @@ -LIBINTERFACE = 10 -LIBREVISION = 0 +LIBINTERFACE = 11 +LIBREVISION = 2 LIBAGE = 0 diff --git a/usr.sbin/bind/lib/dns/byaddr.c b/usr.sbin/bind/lib/dns/byaddr.c index b173f489a43..b0a5468d7e5 100644 --- a/usr.sbin/bind/lib/dns/byaddr.c +++ b/usr.sbin/bind/lib/dns/byaddr.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2000, 2001 Internet Software Consortium. + * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: byaddr.c,v 1.29 2001/06/04 19:32:57 tale Exp $ */ +/* $ISC: byaddr.c,v 1.29.2.2 2003/10/09 07:32:36 marka Exp $ */ #include <config.h> @@ -68,6 +68,18 @@ isc_result_t dns_byaddr_createptrname(isc_netaddr_t *address, isc_boolean_t nibble, dns_name_t *name) { + unsigned int options = DNS_BYADDROPT_IPV6INT; + + if (nibble) + options |= DNS_BYADDROPT_IPV6NIBBLE; + + return (dns_byaddr_createptrname2(address, options, name)); +} + +isc_result_t +dns_byaddr_createptrname2(isc_netaddr_t *address, unsigned int options, + dns_name_t *name) +{ char textname[128]; unsigned char *bytes; int i; @@ -92,7 +104,7 @@ dns_byaddr_createptrname(isc_netaddr_t *address, isc_boolean_t nibble, (bytes[1] & 0xff), (bytes[0] & 0xff)); } else if (address->family == AF_INET6) { - if (nibble) { + if ((options & DNS_BYADDROPT_IPV6NIBBLE) != 0) { cp = textname; for (i = 15; i >= 0; i--) { *cp++ = hex_digits[bytes[i] & 0x0f]; @@ -100,7 +112,10 @@ dns_byaddr_createptrname(isc_netaddr_t *address, isc_boolean_t nibble, *cp++ = hex_digits[(bytes[i] >> 4) & 0x0f]; *cp++ = '.'; } - strlcpy(cp, "ip6.int.", textname + sizeof(textname) - cp); + if ((options & DNS_BYADDROPT_IPV6INT) != 0) + strlcpy(cp, "ip6.int.", textname + sizeof(textname) - cp); + else + strlcpy(cp, "ip6.arpa.", textname + sizeof(textname) - cp); } else { cp = textname; *cp++ = '\\'; @@ -242,9 +257,8 @@ dns_byaddr_create(isc_mem_t *mctx, isc_netaddr_t *address, dns_view_t *view, dns_fixedname_init(&byaddr->name); - result = dns_byaddr_createptrname(address, - ISC_TF(byaddr->options & DNS_BYADDROPT_IPV6NIBBLE), - dns_fixedname_name(&byaddr->name)); + result = dns_byaddr_createptrname2(address, byaddr->options, + dns_fixedname_name(&byaddr->name)); if (result != ISC_R_SUCCESS) goto cleanup_lock; diff --git a/usr.sbin/bind/lib/dns/cache.c b/usr.sbin/bind/lib/dns/cache.c index be85a163ad1..e43c252e1ca 100644 --- a/usr.sbin/bind/lib/dns/cache.c +++ b/usr.sbin/bind/lib/dns/cache.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: cache.c,v 1.45.2.4 2002/08/05 06:57:11 marka Exp $ */ +/* $ISC: cache.c,v 1.45.2.5 2003/10/16 06:07:12 marka Exp $ */ #include <config.h> @@ -245,7 +245,9 @@ dns_cache_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, for (i = 0; i < cache->db_argc; i++) if (cache->db_argv[i] != NULL) isc_mem_free(mctx, cache->db_argv[i]); - isc_mem_put(mctx, cache->db_argv, cache->db_argc * sizeof(char *)); + if (cache->db_argv != NULL) + isc_mem_put(mctx, cache->db_argv, + cache->db_argc * sizeof(char *)); cleanup_dbtype: isc_mem_free(mctx, cache->db_type); cleanup_filelock: @@ -549,6 +551,8 @@ cache_cleaner_init(dns_cache_t *cache, isc_taskmgr_t *taskmgr, return (ISC_R_SUCCESS); cleanup: + if (cleaner->overmem_event != NULL) + isc_event_free(&cleaner->overmem_event); if (cleaner->resched_event != NULL) isc_event_free(&cleaner->resched_event); if (cleaner->cleaning_timer != NULL) diff --git a/usr.sbin/bind/lib/dns/db.c b/usr.sbin/bind/lib/dns/db.c index 357db1dd0a7..04757d72fd1 100644 --- a/usr.sbin/bind/lib/dns/db.c +++ b/usr.sbin/bind/lib/dns/db.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: db.c,v 1.69.2.1 2001/09/04 23:09:33 gson Exp $ */ +/* $ISC: db.c,v 1.69.2.3 2003/10/09 07:32:36 marka Exp $ */ /*** *** Imports @@ -428,7 +428,6 @@ dns_db_findnode(dns_db_t *db, dns_name_t *name, */ REQUIRE(DNS_DB_VALID(db)); - REQUIRE(dns_name_issubdomain(name, &db->origin)); REQUIRE(nodep != NULL && *nodep == NULL); return ((db->methods->findnode)(db, name, create, nodep)); diff --git a/usr.sbin/bind/lib/dns/dispatch.c b/usr.sbin/bind/lib/dns/dispatch.c index 340dc107afc..31c59ffefb1 100644 --- a/usr.sbin/bind/lib/dns/dispatch.c +++ b/usr.sbin/bind/lib/dns/dispatch.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: dispatch.c,v 1.101.2.3 2002/05/08 06:38:14 marka Exp $ */ +/* $ISC: dispatch.c,v 1.101.2.6 2003/07/22 04:03:40 marka Exp $ */ #include <config.h> @@ -478,12 +478,7 @@ allocate_event(dns_dispatch_t *disp) { * * If I/O result == CANCELED or error, free the buffer. * - * If query: - * if no listeners: free the buffer, restart. - * if listener: allocate event, fill in details. - * If cannot allocate, free buffer, restart. - * if rq event queue is not empty, queue. else, send. - * restart. + * If query, free the buffer, restart. * * If response: * Allocate event, fill in details. @@ -521,7 +516,12 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) { "got packet: requests %d, buffers %d, recvs %d", disp->requests, disp->mgr->buffers, disp->recv_pending); - if ((disp->attributes & DNS_DISPATCHATTR_NOLISTEN) == 0) { + if (ev->ev_type == ISC_SOCKEVENT_RECVDONE) { + /* + * Unless the receive event was imported from a listening + * interface, in which case the event type is + * DNS_EVENT_IMPORTRECVDONE, receive operation must be pending. + */ INSIST(disp->recv_pending != 0); disp->recv_pending = 0; } @@ -664,20 +664,15 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) { /* * General flow: * - * If I/O result == CANCELED, EOF, or error, free the buffer - * and notify everyone as the various queues drain. + * If I/O result == CANCELED, EOF, or error, notify everyone as the + * various queues drain. * - * If query: - * if no listeners: free the buffer, restart. - * if listener: allocate event, fill in details. - * If cannot allocate, free buffer, restart. - * if rq event queue is not empty, queue. else, send. - * restart. + * If query, restart. * * If response: * Allocate event, fill in details. - * If cannot allocate, free buffer, restart. - * find target. If not found, free buffer, restart. + * If cannot allocate, restart. + * find target. If not found, restart. * if event queue is not empty, queue. else, send. * restart. */ @@ -742,7 +737,7 @@ tcp_recv(isc_task_t *task, isc_event_t *ev_in) { * free the event *before* calling destroy_disp(). */ isc_event_free(&ev_in); - + disp->shutting_down = 1; disp->shutdown_why = tcpmsg->result; @@ -1541,7 +1536,7 @@ dns_dispatch_getudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, { disp->attributes |= DNS_DISPATCHATTR_NOLISTEN; if (disp->recv_pending != 0) - isc_socket_cancel(disp->socket, NULL, + isc_socket_cancel(disp->socket, disp->task, ISC_SOCKCANCEL_RECV); } @@ -1679,7 +1674,7 @@ dns_dispatch_detach(dns_dispatch_t **dispp) { killit = ISC_FALSE; if (disp->refcount == 0) { if (disp->recv_pending > 0) - isc_socket_cancel(disp->socket, NULL, + isc_socket_cancel(disp->socket, disp->task, ISC_SOCKCANCEL_RECV); disp->shutting_down = 1; } @@ -1842,7 +1837,7 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp, killit = ISC_FALSE; if (disp->refcount == 0) { if (disp->recv_pending > 0) - isc_socket_cancel(disp->socket, NULL, + isc_socket_cancel(disp->socket, disp->task, ISC_SOCKCANCEL_RECV); disp->shutting_down = 1; } @@ -2008,11 +2003,19 @@ dns_dispatch_changeattributes(dns_dispatch_t *disp, LOCK(&disp->lock); - if ((disp->attributes & DNS_DISPATCHATTR_NOLISTEN) != 0 && - (attributes & DNS_DISPATCHATTR_NOLISTEN) == 0) - { - disp->attributes &= ~DNS_DISPATCHATTR_NOLISTEN; - startrecv(disp); + if ((mask & DNS_DISPATCHATTR_NOLISTEN) != 0) { + if ((disp->attributes & DNS_DISPATCHATTR_NOLISTEN) != 0 && + (attributes & DNS_DISPATCHATTR_NOLISTEN) == 0) { + disp->attributes &= ~DNS_DISPATCHATTR_NOLISTEN; + startrecv(disp); + } else if ((disp->attributes & DNS_DISPATCHATTR_NOLISTEN) + == 0 && + (attributes & DNS_DISPATCHATTR_NOLISTEN) != 0) { + disp->attributes |= DNS_DISPATCHATTR_NOLISTEN; + if (disp->recv_pending != 0) + isc_socket_cancel(disp->socket, disp->task, + ISC_SOCKCANCEL_RECV); + } } disp->attributes &= ~mask; @@ -2034,7 +2037,7 @@ dns_dispatch_importrecv(dns_dispatch_t *disp, isc_event_t *event) { INSIST(sevent->n <= disp->mgr->buffersize); newsevent = (isc_socketevent_t *) isc_event_allocate(disp->mgr->mctx, NULL, - ISC_SOCKEVENT_RECVDONE, udp_recv, + DNS_EVENT_IMPORTRECVDONE, udp_recv, disp, sizeof(isc_socketevent_t)); if (newsevent == NULL) return; diff --git a/usr.sbin/bind/lib/dns/dnssec.c b/usr.sbin/bind/lib/dns/dnssec.c index 056199358ff..27a8887f85c 100644 --- a/usr.sbin/bind/lib/dns/dnssec.c +++ b/usr.sbin/bind/lib/dns/dnssec.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -16,7 +16,7 @@ */ /* - * $ISC: dnssec.c,v 1.69.2.3 2002/08/02 05:08:49 marka Exp $ + * $ISC: dnssec.c,v 1.69.2.5 2003/07/22 04:03:41 marka Exp $ */ @@ -26,6 +26,7 @@ #include <isc/buffer.h> #include <isc/mem.h> +#include <isc/serial.h> #include <isc/string.h> #include <isc/util.h> @@ -360,15 +361,18 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key, if (ret != ISC_R_SUCCESS) return (ret); + if (isc_serial_lt(sig.timesigned, sig.timeexpire)) + return (DNS_R_SIGINVALID); + if (!ignoretime) { isc_stdtime_get(&now); /* * Is SIG temporally valid? */ - if (sig.timesigned > now) + if (isc_serial_lt((isc_uint32_t)now, sig.timesigned)) return (DNS_R_SIGFUTURE); - else if (sig.timeexpire < now) + else if (isc_serial_lt(sig.timeexpire, (isc_uint32_t)now)) return (DNS_R_SIGEXPIRED); } @@ -723,13 +727,19 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg, goto failure; } + if (isc_serial_lt(sig.timeexpire, sig.timesigned)) { + result = DNS_R_SIGINVALID; + msg->sig0status = dns_tsigerror_badtime; + goto failure; + } + isc_stdtime_get(&now); - if (sig.timesigned > now) { + if (isc_serial_lt((isc_uint32_t)now, sig.timesigned)) { result = DNS_R_SIGFUTURE; msg->sig0status = dns_tsigerror_badtime; goto failure; } - else if (sig.timeexpire < now) { + else if (isc_serial_lt(sig.timeexpire, (isc_uint32_t)now)) { result = DNS_R_SIGEXPIRED; msg->sig0status = dns_tsigerror_badtime; goto failure; diff --git a/usr.sbin/bind/lib/dns/gen.c b/usr.sbin/bind/lib/dns/gen.c index a233ce558ae..9bd7df7ce55 100644 --- a/usr.sbin/bind/lib/dns/gen.c +++ b/usr.sbin/bind/lib/dns/gen.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1998-2002 Internet Software Consortium. + * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: gen.c,v 1.65.2.2 2002/03/26 00:54:54 marka Exp $ */ +/* $ISC: gen.c,v 1.65.2.5 2003/07/23 06:57:48 marka Exp $ */ #include <config.h> @@ -110,6 +110,8 @@ const char copyright[] = " ***************/\n" "\n"; +#define TYPENAMES 256 + struct cc { struct cc *next; int rdclass; @@ -130,7 +132,10 @@ struct ttnam { char macroname[11]; char attr[256]; unsigned int sorted; -} typenames[256]; + int type; +} typenames[TYPENAMES]; + +int maxtype = -1; char * upper(char *); @@ -274,26 +279,49 @@ dodecl(char *type, char *function, char *args) { funname(tt->typename, buf1), args); } +static struct ttnam * +find_typename(int type) { + int i; + + for (i = 0; i < TYPENAMES; i++) { + if (typenames[i].typename[0] != 0 && + typenames[i].type == type) + return (&typenames[i]); + } + return (NULL); +} + void insert_into_typenames(int type, const char *typename, const char *attr) { - struct ttnam *ttn; - int c; + struct ttnam *ttn = NULL; + int c, i; char tmp[256]; - ttn = &typenames[type]; - if (ttn->typename[0] == 0) { - if (strlen(typename) > sizeof(ttn->typename) - 1) { - fprintf(stderr, "Error: type name %s is too long\n", - typename); + for (i = 0; i < TYPENAMES; i++) { + if (typenames[i].typename[0] != 0 && + typenames[i].type == type && + strcmp(typename, typenames[i].typename) != 0) { + fprintf(stderr, + "Error: type %d has two names: %s, %s\n", + type, typenames[i].typename, typename); exit(1); } - strlcpy(ttn->typename, typename, sizeof(ttn->typename)); - } else if (strcmp(typename, ttn->typename) != 0) { - fprintf(stderr, "Error: type %d has two names: %s, %s\n", - type, ttn->typename, typename); + if (typenames[i].typename[0] == 0 && ttn == NULL) + ttn = &typenames[i]; + } + if (ttn == NULL) { + fprintf(stderr, "Error: typenames array too small\n"); exit(1); } + if (strlen(typename) > sizeof(ttn->typename) - 1) { + fprintf(stderr, "Error: type name %s is too long\n", + typename); + exit(1); + } + strlcpy(ttn->typename, typename, sizeof(ttn->typename)); + ttn->type = type; + strlcpy(ttn->macroname, ttn->typename, sizeof(ttn->macroname)); c = strlen(ttn->macroname); while (c > 0) { @@ -320,6 +348,8 @@ insert_into_typenames(int type, const char *typename, const char *attr) { } strlcpy(ttn->attr, attr, sizeof(ttn->attr)); ttn->sorted = 0; + if (maxtype < type) + maxtype = type; } void @@ -469,7 +499,7 @@ main(int argc, char **argv) { char *file = NULL; isc_dir_t dir; - for (i = 0 ; i <= 255 ; i++) + for (i = 0; i < TYPENAMES ; i++) memset(&typenames[i], 0, sizeof(typenames[i])); strlcpy(srcdir, "", sizeof(srcdir)); @@ -596,7 +626,7 @@ main(int argc, char **argv) { * attributes. */ -#define PRINT_COMMA(x) (x == 255 ? "" : ",") +#define PRINT_COMMA(x) (x == maxtype ? "" : ",") #define METANOTQUESTION "DNS_RDATATYPEATTR_META | " \ "DNS_RDATATYPEATTR_NOTQUESTION" @@ -626,9 +656,9 @@ main(int argc, char **argv) { fprintf(stdout, "\tunsigned int flags;\n"); fprintf(stdout, "} typeattr_t;\n"); fprintf(stdout, "static typeattr_t typeattr[] = {\n"); - for (i = 0 ; i <= 255 ; i++) { - ttn = &typenames[i]; - if (ttn->typename[0] == 0) { + for (i = 0; i <= maxtype ; i++) { + ttn = find_typename(i); + if (ttn == NULL) { const char *attrs; if (i >= 128 && i < 255) attrs = "DNS_RDATATYPEATTR_UNKNOWN | " @@ -636,7 +666,7 @@ main(int argc, char **argv) { else attrs = "DNS_RDATATYPEATTR_UNKNOWN"; fprintf(stdout, "\t{ \"TYPE%d\", %s}%s\n", - i, attrs, PRINT_COMMA(i)); + i, attrs, PRINT_COMMA(i)); } else { fprintf(stdout, "\t{ \"%s\", %s }%s\n", upper(ttn->typename), @@ -647,16 +677,6 @@ main(int argc, char **argv) { fprintf(stdout, "};\n"); /* - * Run through the list of types and pre-mark the unused - * ones as "sorted" so we simply ignore them below. - */ - for (i = 0 ; i <= 255 ; i++) { - ttn = &typenames[i]; - if (ttn->typename[0] == 0) - ttn->sorted = 1; - } - - /* * Spit out a quick and dirty hash function. Here, * we walk through the list of type names, and calculate * a hash. This isn't perfect, but it will generate "pretty @@ -682,8 +702,10 @@ main(int argc, char **argv) { fprintf(stdout, "#define RDATATYPE_FROMTEXT_SW(_hash," "_typename,_length,_typep) \\\n"); fprintf(stdout, "\tswitch (_hash) { \\\n"); - for (i = 0 ; i <= 255 ; i++) { - ttn = &typenames[i]; + for (i = 0; i <= maxtype ; i++) { + ttn = find_typename(i); + if (ttn == NULL) + continue; /* * Skip entries we already processed. @@ -698,15 +720,15 @@ main(int argc, char **argv) { * Find all other entries that happen to match * this hash. */ - for (j = 0 ; j <= 255 ; j++) { - ttn2 = &typenames[j]; - if (ttn2->sorted != 0) + for (j = 0; j <= maxtype ; j++) { + ttn2 = find_typename(j); + if (ttn2 == NULL) continue; if (hash == HASH(ttn2->typename)) { fprintf(stdout, "\t\t\tRDATATYPE_COMPARE" "(\"%s\", %u, " "_typename, _length, _typep); \\\n", - ttn2->typename, j); + ttn2->typename, ttn2->type); ttn2->sorted = 1; } } @@ -750,7 +772,7 @@ main(int argc, char **argv) { "#define dns_rdatatype_%s\t%s" "((dns_rdatatype_t)dns_rdatatype_%s)" "\n", - s, strlen(s) < 2 ? "\t" : "", s); + s, strlen(s) < 2U ? "\t" : "", s); lasttype = tt->type; } diff --git a/usr.sbin/bind/lib/dns/include/dns/adb.h b/usr.sbin/bind/lib/dns/include/dns/adb.h index da0628c6955..956596b3db4 100644 --- a/usr.sbin/bind/lib/dns/include/dns/adb.h +++ b/usr.sbin/bind/lib/dns/include/dns/adb.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: adb.h,v 1.66.2.3 2002/08/05 06:57:13 marka Exp $ */ +/* $ISC: adb.h,v 1.66.2.5 2003/07/22 04:03:45 marka Exp $ */ #ifndef DNS_ADB_H #define DNS_ADB_H 1 @@ -147,9 +147,9 @@ struct dns_adbfind { * If set, fetches will not be generated unless no addresses are * available in any of the address families requested. * - * _STARTATROOT: - * Fetches will start at the root nameservers, instead of the closest - * ancestor. This is useful for reestablishing glue that has expired. + * _STARTATZONE: + * Fetches will start using the closest zone data or use the root servers. + * This is useful for reestablishing glue that has expired. * * _GLUEOK: * _HINTOK: @@ -170,7 +170,7 @@ struct dns_adbfind { #define DNS_ADBFIND_EMPTYEVENT 0x00000004 #define DNS_ADBFIND_WANTEVENT 0x00000008 #define DNS_ADBFIND_AVOIDFETCHES 0x00000010 -#define DNS_ADBFIND_STARTATROOT 0x00000020 +#define DNS_ADBFIND_STARTATZONE 0x00000020 #define DNS_ADBFIND_GLUEOK 0x00000040 #define DNS_ADBFIND_HINTOK 0x00000080 #define DNS_ADBFIND_RETURNLAME 0x00000100 diff --git a/usr.sbin/bind/lib/dns/include/dns/byaddr.h b/usr.sbin/bind/lib/dns/include/dns/byaddr.h index c99afdcf380..f59f2e8fe49 100644 --- a/usr.sbin/bind/lib/dns/include/dns/byaddr.h +++ b/usr.sbin/bind/lib/dns/include/dns/byaddr.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2000, 2001 Internet Software Consortium. + * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: byaddr.h,v 1.12 2001/01/09 21:52:18 bwelling Exp $ */ +/* $ISC: byaddr.h,v 1.12.2.2 2003/10/09 07:32:39 marka Exp $ */ #ifndef DNS_BYADDR_H #define DNS_BYADDR_H 1 @@ -69,6 +69,7 @@ typedef struct dns_byaddrevent { } dns_byaddrevent_t; #define DNS_BYADDROPT_IPV6NIBBLE 0x0001 +#define DNS_BYADDROPT_IPV6INT 0x0002 /* Use IP6.INT nibble lookups */ isc_result_t dns_byaddr_create(isc_mem_t *mctx, isc_netaddr_t *address, dns_view_t *view, @@ -79,17 +80,13 @@ dns_byaddr_create(isc_mem_t *mctx, isc_netaddr_t *address, dns_view_t *view, * * Notes: * - * There are two reverse lookup formats for IPv6 addresses, 'bitstring' - * and 'nibble'. The newer 'bitstring' format for the address fe80::1 is - * - * \[xfe800000000000000000000000000001].ip6.int. + * There is a reverse lookup format for IPv6 addresses, 'nibble' * * The 'nibble' format for that address is * - * 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.int. + * 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. * - * The 'bitstring' format will be used unless the DNS_BYADDROPT_IPV6NIBBLE - * option has been set. + * DNS_BYADDROPT_IPV6INT can be used to get nibble lookups under ip6.int. * * Requires: * @@ -147,10 +144,15 @@ dns_byaddr_destroy(dns_byaddr_t **byaddrp); isc_result_t dns_byaddr_createptrname(isc_netaddr_t *address, isc_boolean_t nibble, dns_name_t *name); + +isc_result_t +dns_byaddr_createptrname2(isc_netaddr_t *address, unsigned int options, + dns_name_t *name); /* * Creates a name that would be used in a PTR query for this address. The * nibble flag indicates that the 'nibble' format is to be used if an IPv6 - * address is provided, instead of the 'bitstring' format. + * address is provided, instead of the 'bitstring' format. 'options' are + * the same as for dns_byaddr_create(). * * Requires: * diff --git a/usr.sbin/bind/lib/dns/include/dns/db.h b/usr.sbin/bind/lib/dns/include/dns/db.h index 02e97bf3a98..2eb32304ee7 100644 --- a/usr.sbin/bind/lib/dns/include/dns/db.h +++ b/usr.sbin/bind/lib/dns/include/dns/db.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: db.h,v 1.67 2001/08/28 03:58:13 marka Exp $ */ +/* $ISC: db.h,v 1.67.2.2 2003/10/09 07:32:39 marka Exp $ */ #ifndef DNS_DB_H #define DNS_DB_H 1 @@ -598,8 +598,7 @@ dns_db_findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create, * * 'db' is a valid database. * - * 'name' is a valid, non-empty, absolute name that is a subdomain of - * the database's origin. (It need not be a proper subdomain.) + * 'name' is a valid, non-empty, absolute name. * * nodep != NULL && *nodep == NULL * diff --git a/usr.sbin/bind/lib/dns/include/dns/dispatch.h b/usr.sbin/bind/lib/dns/include/dns/dispatch.h index cbe3ab9908d..643b2bbcd52 100644 --- a/usr.sbin/bind/lib/dns/include/dns/dispatch.h +++ b/usr.sbin/bind/lib/dns/include/dns/dispatch.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: dispatch.h,v 1.45.22.2 2003/02/17 07:05:10 marka Exp $ */ +/* $ISC: dispatch.h,v 1.45.2.2 2003/03/06 04:38:22 marka Exp $ */ #ifndef DNS_DISPATCH_H #define DNS_DISPATCH_H 1 diff --git a/usr.sbin/bind/lib/dns/include/dns/events.h b/usr.sbin/bind/lib/dns/include/dns/events.h index 913a571782a..d2ecbd14d0a 100644 --- a/usr.sbin/bind/lib/dns/include/dns/events.h +++ b/usr.sbin/bind/lib/dns/include/dns/events.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: events.h,v 1.37 2001/02/13 02:49:07 gson Exp $ */ +/* $ISC: events.h,v 1.37.2.1 2002/09/04 02:47:08 jinmei Exp $ */ #ifndef DNS_EVENTS_H #define DNS_EVENTS_H 1 @@ -60,6 +60,7 @@ #define DNS_EVENT_QUERYABORTED (ISC_EVENTCLASS_DNS + 31) #define DNS_EVENT_DISPATCHCONTROL (ISC_EVENTCLASS_DNS + 32) #define DNS_EVENT_REQUESTCONTROL (ISC_EVENTCLASS_DNS + 33) +#define DNS_EVENT_IMPORTRECVDONE (ISC_EVENTCLASS_DNS + 35) #define DNS_EVENT_FIRSTEVENT (ISC_EVENTCLASS_DNS + 0) #define DNS_EVENT_LASTEVENT (ISC_EVENTCLASS_DNS + 65535) diff --git a/usr.sbin/bind/lib/dns/include/dns/log.h b/usr.sbin/bind/lib/dns/include/dns/log.h index 38f1c3372b5..a52a62aa210 100644 --- a/usr.sbin/bind/lib/dns/include/dns/log.h +++ b/usr.sbin/bind/lib/dns/include/dns/log.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: log.h,v 1.30.2.1 2001/10/11 02:03:23 marka Exp $ */ +/* $ISC: log.h,v 1.30.2.3 2003/10/09 07:32:39 marka Exp $ */ /* Principal Authors: DCL */ diff --git a/usr.sbin/bind/lib/dns/include/dns/master.h b/usr.sbin/bind/lib/dns/include/dns/master.h index 367cbcd68cc..54b1903d1d1 100644 --- a/usr.sbin/bind/lib/dns/include/dns/master.h +++ b/usr.sbin/bind/lib/dns/include/dns/master.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: master.h,v 1.31.2.1 2001/09/04 22:51:41 gson Exp $ */ +/* $ISC: master.h,v 1.31.2.3 2003/07/22 04:03:45 marka Exp $ */ #ifndef DNS_MASTER_H #define DNS_MASTER_H 1 @@ -37,6 +37,7 @@ #define DNS_MASTER_MANYERRORS 0x00000002 /* Continue processing on errors. */ #define DNS_MASTER_NOINCLUDE 0x00000004 /* Disallow $INCLUDE directives. */ #define DNS_MASTER_ZONE 0x00000008 /* Loading a zone master file. */ +#define DNS_MASTER_SLAVE 0x00000020 /* Loading a slave master file. */ ISC_LANG_BEGINDECLS diff --git a/usr.sbin/bind/lib/dns/include/dns/name.h b/usr.sbin/bind/lib/dns/include/dns/name.h index 9f358b88af6..ab0750d158e 100644 --- a/usr.sbin/bind/lib/dns/include/dns/name.h +++ b/usr.sbin/bind/lib/dns/include/dns/name.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 1998-2002 Internet Software Consortium. + * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: name.h,v 1.95.2.2 2002/04/23 02:28:51 marka Exp $ */ +/* $ISC: name.h,v 1.95.2.4 2003/10/09 07:32:39 marka Exp $ */ #ifndef DNS_NAME_H #define DNS_NAME_H 1 @@ -390,6 +390,22 @@ dns_name_hash(dns_name_t *name, isc_boolean_t case_sensitive); * A hash value */ +unsigned int +dns_fullname_hash(dns_name_t *name, isc_boolean_t case_sensitive); +/* + * Provide a hash value for 'name'. Unlike dns_name_hash(), this function + * always takes into account of the entire name to calculate the hash value. + * + * Note: if 'case_sensitive' is ISC_FALSE, then names which differ only in + * case will have the same hash value. + * + * Requires: + * 'name' is a valid name + * + * Returns: + * A hash value + */ + /*** *** Comparisons ***/ diff --git a/usr.sbin/bind/lib/dns/include/dns/rdata.h b/usr.sbin/bind/lib/dns/include/dns/rdata.h index 36f393a0125..0e482b97e9f 100644 --- a/usr.sbin/bind/lib/dns/include/dns/rdata.h +++ b/usr.sbin/bind/lib/dns/include/dns/rdata.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 1998-2002 Internet Software Consortium. + * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: rdata.h,v 1.51.2.2 2002/02/20 02:17:25 marka Exp $ */ +/* $ISC: rdata.h,v 1.51.2.4 2003/10/09 07:32:39 marka Exp $ */ #ifndef DNS_RDATA_H #define DNS_RDATA_H 1 @@ -468,10 +468,6 @@ dns_rdatatype_ismeta(dns_rdatatype_t type); /* * Return true iff the rdata type 'type' is a meta-type * like ANY or AXFR. - * - * Requires: - * 'type' is a valid rdata type. - * */ isc_boolean_t @@ -490,10 +486,6 @@ dns_rdataclass_ismeta(dns_rdataclass_t rdclass); /* * Return true iff the rdata class 'rdclass' is a meta-class * like ANY or NONE. - * - * Requires: - * 'rdclass' is a valid rdata class. - * */ isc_boolean_t diff --git a/usr.sbin/bind/lib/dns/include/dns/rdataset.h b/usr.sbin/bind/lib/dns/include/dns/rdataset.h index 47ddd524618..de0d5d43560 100644 --- a/usr.sbin/bind/lib/dns/include/dns/rdataset.h +++ b/usr.sbin/bind/lib/dns/include/dns/rdataset.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: rdataset.h,v 1.41.2.2 2002/04/23 02:28:52 marka Exp $ */ +/* $ISC: rdataset.h,v 1.41.2.5 2003/07/22 04:03:45 marka Exp $ */ #ifndef DNS_RDATASET_H #define DNS_RDATASET_H 1 @@ -104,7 +104,7 @@ struct dns_rdataset { void * private1; void * private2; void * private3; - void * private4; + unsigned int privateuint4; void * private5; }; @@ -129,6 +129,7 @@ struct dns_rdataset { #define DNS_RDATASETATTR_FIXEDORDER 0x0400 #define DNS_RDATASETATTR_RANDOMIZE 0x0800 #define DNS_RDATASETATTR_CHASE 0x1000 /* Used by resolver. */ +#define DNS_RDATASETATTR_NXDOMAIN 0x2000 void dns_rdataset_init(dns_rdataset_t *rdataset); diff --git a/usr.sbin/bind/lib/dns/include/dns/rdataslab.h b/usr.sbin/bind/lib/dns/include/dns/rdataslab.h index 317e32f95ce..4364d05a599 100644 --- a/usr.sbin/bind/lib/dns/include/dns/rdataslab.h +++ b/usr.sbin/bind/lib/dns/include/dns/rdataslab.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: rdataslab.h,v 1.20 2001/01/09 21:53:19 bwelling Exp $ */ +/* $ISC: rdataslab.h,v 1.20.2.2 2003/07/22 04:03:45 marka Exp $ */ #ifndef DNS_RDATASLAB_H #define DNS_RDATASLAB_H 1 @@ -121,7 +121,8 @@ isc_boolean_t dns_rdataslab_equal(unsigned char *slab1, unsigned char *slab2, unsigned int reservelen); -/* Compare two rdataslabs for equality. This does _not_ do a full +/* + * Compare two rdataslabs for equality. This does _not_ do a full * DNSSEC comparison. * * Requires: @@ -131,6 +132,20 @@ dns_rdataslab_equal(unsigned char *slab1, unsigned char *slab2, * ISC_TRUE if the slabs are equal, ISC_FALSE otherwise. */ +isc_boolean_t +dns_rdataslab_equalx(unsigned char *slab1, unsigned char *slab2, + unsigned int reservelen, dns_rdataclass_t rdclass, + dns_rdatatype_t type); +/* + * Compare two rdataslabs for DNSSEC equality. + * + * Requires: + * 'slab1' and 'slab2' point to slabs. + * + * Returns: + * ISC_TRUE if the slabs are equal, ISC_FALSE otherwise. + */ + ISC_LANG_ENDDECLS #endif /* DNS_RDATASLAB_H */ diff --git a/usr.sbin/bind/lib/dns/include/dns/result.h b/usr.sbin/bind/lib/dns/include/dns/result.h index fae450fccab..bebf75ede29 100644 --- a/usr.sbin/bind/lib/dns/include/dns/result.h +++ b/usr.sbin/bind/lib/dns/include/dns/result.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 1998-2002 Internet Software Consortium. + * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: result.h,v 1.81.2.3 2002/03/26 00:55:02 marka Exp $ */ +/* $ISC: result.h,v 1.81.2.7 2003/07/22 04:03:46 marka Exp $ */ #ifndef DNS_RESULT_H #define DNS_RESULT_H 1 @@ -120,9 +120,11 @@ #define DNS_R_FROZEN (ISC_RESULTCLASS_DNS + 81) #define DNS_R_UNKNOWNFLAG (ISC_RESULTCLASS_DNS + 82) #define DNS_R_EXPECTEDRESPONSE (ISC_RESULTCLASS_DNS + 83) +#define DNS_R_EMPTYNAME (ISC_RESULTCLASS_DNS + 92) +#define DNS_R_EMPTYWILD (ISC_RESULTCLASS_DNS + 93) +#define DNS_R_BADBITMAP (ISC_RESULTCLASS_DNS + 94) - -#define DNS_R_NRESULTS 84 /* Number of results */ +#define DNS_R_NRESULTS 95 /* Number of results */ /* * DNS wire format rcodes. diff --git a/usr.sbin/bind/lib/dns/include/dns/view.h b/usr.sbin/bind/lib/dns/include/dns/view.h index da264d8fcaa..dd465d09089 100644 --- a/usr.sbin/bind/lib/dns/include/dns/view.h +++ b/usr.sbin/bind/lib/dns/include/dns/view.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: view.h,v 1.73.2.2 2002/08/05 06:57:13 marka Exp $ */ +/* $ISC: view.h,v 1.73.2.7 2003/09/19 14:10:31 marka Exp $ */ #ifndef DNS_VIEW_H #define DNS_VIEW_H 1 @@ -119,6 +119,8 @@ struct dns_view { dns_aclenv_t aclenv; isc_boolean_t flush; dns_namelist_t * delonly; + isc_boolean_t rootdelonly; + dns_namelist_t * rootexclude; /* * Configurable data for server use only, @@ -513,6 +515,12 @@ dns_view_findzonecut(dns_view_t *view, dns_name_t *name, dns_name_t *fname, isc_stdtime_t now, unsigned int options, isc_boolean_t use_hints, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset); + +isc_result_t +dns_view_findzonecut2(dns_view_t *view, dns_name_t *name, dns_name_t *fname, + isc_stdtime_t now, unsigned int options, + isc_boolean_t use_hints, isc_boolean_t use_cache, + dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset); /* * Find the best known zonecut containing 'name'. * @@ -526,6 +534,9 @@ dns_view_findzonecut(dns_view_t *view, dns_name_t *name, dns_name_t *fname, * If 'use_hints' is ISC_TRUE, and the view has a hints database, then * it will be searched last. * + * If 'use_cache' is ISC_TRUE, and the view has a cache, then it will be + * searched. + * * If 'sigrdataset' is not NULL, and there is a SIG rdataset which * covers 'type', then 'sigrdataset' will be bound to it. * @@ -696,6 +707,22 @@ isc_result_t dns_view_adddelegationonly(dns_view_t *view, dns_name_t *name); /* * Add the given name to the delegation only table. + * + * + * Requires: + * 'view' is valid. + * 'name' is valid. + * + * Returns: + * ISC_R_SUCCESS + * ISC_R_NOMEMORY + */ + +isc_result_t +dns_view_excludedelegationonly(dns_view_t *view, dns_name_t *name); +/* + * Add the given name to be excluded from the root-delegation-only. + * * * Requires: * 'view' is valid. @@ -709,7 +736,8 @@ dns_view_adddelegationonly(dns_view_t *view, dns_name_t *name); isc_boolean_t dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name); /* - * Check if 'name' is in the delegation only table. + * Check if 'name' is in the delegation only table or if + * rootdelonly is set that name is not being excluded. * * Requires: * 'view' is valid. @@ -720,7 +748,22 @@ dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name); * ISC_FALSE othewise. */ +void +dns_view_setrootdelonly(dns_view_t *view, isc_boolean_t value); +/* + * Set the root delegation only flag. + * + * Requires: + * 'view' is valid. + */ -ISC_LANG_ENDDECLS +isc_boolean_t +dns_view_getrootdelonly(dns_view_t *view); +/* + * Get the root delegation only flag. + * + * Requires: + * 'view' is valid. + */ #endif /* DNS_VIEW_H */ diff --git a/usr.sbin/bind/lib/dns/include/dns/zone.h b/usr.sbin/bind/lib/dns/include/dns/zone.h index 110155014bd..4808a476453 100644 --- a/usr.sbin/bind/lib/dns/include/dns/zone.h +++ b/usr.sbin/bind/lib/dns/include/dns/zone.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: zone.h,v 1.106.2.5.4.2 2003/02/17 07:05:10 marka Exp $ */ +/* $ISC: zone.h,v 1.106.2.7 2003/03/06 04:38:22 marka Exp $ */ #ifndef DNS_ZONE_H #define DNS_ZONE_H 1 diff --git a/usr.sbin/bind/lib/dns/log.c b/usr.sbin/bind/lib/dns/log.c index c34cfc51eee..d2dcc08c4db 100644 --- a/usr.sbin/bind/lib/dns/log.c +++ b/usr.sbin/bind/lib/dns/log.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: log.c,v 1.33.2.2 2001/10/11 23:07:00 gson Exp $ */ +/* $ISC: log.c,v 1.33.2.4 2003/10/09 07:32:37 marka Exp $ */ /* Principal Authors: DCL */ diff --git a/usr.sbin/bind/lib/dns/master.c b/usr.sbin/bind/lib/dns/master.c index 4e084bfe55b..10c46d57f25 100644 --- a/usr.sbin/bind/lib/dns/master.c +++ b/usr.sbin/bind/lib/dns/master.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: master.c,v 1.122.2.5 2002/03/20 19:15:13 marka Exp $ */ +/* $ISC: master.c,v 1.122.2.8 2003/07/22 04:03:41 marka Exp $ */ #include <config.h> @@ -24,6 +24,7 @@ #include <isc/magic.h> #include <isc/mem.h> #include <isc/print.h> +#include <isc/serial.h> #include <isc/stdtime.h> #include <isc/string.h> #include <isc/task.h> @@ -690,7 +691,10 @@ generate(dns_loadctx_t *lctx, char *range, char *lhs, char *gtype, char *rhs, if (result != ISC_R_SUCCESS) goto error_cleanup; - if (!dns_name_issubdomain(owner, lctx->top)) { + if ((lctx->options & DNS_MASTER_ZONE) != 0 && + (lctx->options & DNS_MASTER_SLAVE) == 0 && + !dns_name_issubdomain(owner, lctx->top)) + { char namebuf[DNS_NAME_FORMATSIZE]; dns_name_format(owner, namebuf, sizeof(namebuf)); /* @@ -1218,7 +1222,10 @@ load(dns_loadctx_t *lctx) { target_size); } } - if (!dns_name_issubdomain(new_name, lctx->top)) { + if ((lctx->options & DNS_MASTER_ZONE) != 0 && + (lctx->options & DNS_MASTER_SLAVE) == 0 && + !dns_name_issubdomain(new_name, lctx->top)) + { char namebuf[DNS_NAME_FORMATSIZE]; dns_name_format(new_name, namebuf, sizeof(namebuf)); @@ -1474,7 +1481,7 @@ load(dns_loadctx_t *lctx) { if (type == dns_rdatatype_sig && lctx->warn_sigexpired) { dns_rdata_sig_t sig; (void)dns_rdata_tostruct(&rdata[rdcount], &sig, NULL); - if (now > sig.timeexpire) { + if (isc_serial_lt(sig.timeexpire, now)) { (*callbacks->warn)(callbacks, "%s: %s:%lu: " "signature has expired", diff --git a/usr.sbin/bind/lib/dns/masterdump.c b/usr.sbin/bind/lib/dns/masterdump.c index 1cd5bf433b8..80b337b7e5f 100644 --- a/usr.sbin/bind/lib/dns/masterdump.c +++ b/usr.sbin/bind/lib/dns/masterdump.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: masterdump.c,v 1.56.2.2 2001/10/30 01:53:24 marka Exp $ */ +/* $ISC: masterdump.c,v 1.56.2.5 2003/07/22 04:03:41 marka Exp $ */ #include <config.h> @@ -124,6 +124,7 @@ typedef struct dns_totext_ctx { char * linebreak; char linebreak_buf[DNS_TOTEXT_LINEBREAK_MAXLEN]; dns_name_t * origin; + dns_name_t * neworigin; dns_fixedname_t origin_fixname; isc_uint32_t current_ttl; isc_boolean_t current_ttl_valid; @@ -186,7 +187,7 @@ static char spaces[N_SPACES+1] = " "; #define N_TABS 10 static char tabs[N_TABS+1] = "\t\t\t\t\t\t\t\t\t\t"; - +#define NXDOMAIN(x) (((x)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0) /* * Output tabs and spaces to go from column '*current' to @@ -306,6 +307,7 @@ totext_ctx_init(const dns_master_style_t *style, dns_totext_ctx_t *ctx) { } ctx->origin = NULL; + ctx->neworigin = NULL; ctx->current_ttl = 0; ctx->current_ttl_valid = ISC_FALSE; @@ -458,7 +460,10 @@ rdataset_totext(dns_rdataset_t *rdataset, */ INDENT_TO(rdata_column); if (rdataset->type == 0) { - RETERR(str_totext(";-$\n", target)); + if (NXDOMAIN(rdataset)) + RETERR(str_totext(";-$NXDOMAIN\n", target)); + else + RETERR(str_totext(";-$NXRRSET\n", target)); } else { dns_rdata_t rdata = DNS_RDATA_INIT; isc_region_t r; @@ -786,6 +791,7 @@ dump_rdatasets(isc_mem_t *mctx, dns_name_t *name, dns_rdatasetiter_t *rdsiter, isc_buffer_t *buffer, FILE *f) { isc_result_t itresult, dumpresult; + isc_region_t r; dns_rdataset_t rdatasets[MAXSORT]; dns_rdataset_t *sorted[MAXSORT]; int i, n; @@ -793,6 +799,15 @@ dump_rdatasets(isc_mem_t *mctx, dns_name_t *name, dns_rdatasetiter_t *rdsiter, itresult = dns_rdatasetiter_first(rdsiter); dumpresult = ISC_R_SUCCESS; + if (itresult == ISC_R_SUCCESS && ctx->neworigin != NULL) { + isc_buffer_clear(buffer); + itresult = dns_name_totext(ctx->neworigin, ISC_FALSE, buffer); + RUNTIME_CHECK(itresult == ISC_R_SUCCESS); + isc_buffer_usedregion(buffer, &r); + fprintf(f, "$ORIGIN %.*s\n", (int) r.length, (char *) r.base); + ctx->neworigin = NULL; + } + again: for (i = 0; itresult == ISC_R_SUCCESS && i < MAXSORT; @@ -929,14 +944,9 @@ dns_master_dumptostream(isc_mem_t *mctx, dns_db_t *db, dns_fixedname_name(&ctx.origin_fixname); result = dns_dbiterator_origin(dbiter, origin); RUNTIME_CHECK(result == ISC_R_SUCCESS); - isc_buffer_clear(&buffer); - result = dns_name_totext(origin, ISC_FALSE, &buffer); - RUNTIME_CHECK(result == ISC_R_SUCCESS); - isc_buffer_usedregion(&buffer, &r); - fprintf(f, "$ORIGIN %.*s\n", (int) r.length, - (char *) r.base); if ((ctx.style.flags & DNS_STYLEFLAG_REL_DATA) != 0) ctx.origin = origin; + ctx.neworigin = origin; } result = dns_db_allrdatasets(db, node, version, now, &rdsiter); if (result != ISC_R_SUCCESS) { diff --git a/usr.sbin/bind/lib/dns/message.c b/usr.sbin/bind/lib/dns/message.c index 5ce0157eba1..8801655297d 100644 --- a/usr.sbin/bind/lib/dns/message.c +++ b/usr.sbin/bind/lib/dns/message.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: message.c,v 1.194.2.8 2002/02/28 05:17:49 marka Exp $ */ +/* $ISC: message.c,v 1.194.2.10 2003/07/22 04:03:41 marka Exp $ */ /*** *** Imports @@ -2922,8 +2922,7 @@ dns_message_pseudosectiontotext(dns_message_t *msg, ADD_STRING(target, ";; OPT PSEUDOSECTION:\n"); ADD_STRING(target, "; EDNS: version: "); snprintf(buf, sizeof(buf), "%u", - (unsigned int)((ps->ttl & - 0x00ff0000 >> 16))); + (unsigned int)((ps->ttl & 0x00ff0000) >> 16)); ADD_STRING(target, buf); ADD_STRING(target, ", flags:"); if ((ps->ttl & DNS_MESSAGEEXTFLAG_DO) != 0) diff --git a/usr.sbin/bind/lib/dns/name.c b/usr.sbin/bind/lib/dns/name.c index f4937ca24f8..1eb688723e2 100644 --- a/usr.sbin/bind/lib/dns/name.c +++ b/usr.sbin/bind/lib/dns/name.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1998-2002 Internet Software Consortium. + * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,13 +15,14 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: name.c,v 1.127.2.5 2002/08/02 00:33:05 marka Exp $ */ +/* $ISC: name.c,v 1.127.2.8 2003/10/09 07:32:37 marka Exp $ */ #include <config.h> #include <ctype.h> #include <isc/buffer.h> +#include <isc/hash.h> #include <isc/mem.h> #include <isc/print.h> #include <isc/string.h> @@ -461,6 +462,20 @@ dns_name_hash(dns_name_t *name, isc_boolean_t case_sensitive) { return (h); } +unsigned int +dns_fullname_hash(dns_name_t *name, isc_boolean_t case_sensitive) { + /* + * Provide a hash value for 'name'. + */ + REQUIRE(VALID_NAME(name)); + + if (name->labels == 0) + return (0); + + return (isc_hash_calc((const unsigned char *)name->ndata, + name->length, case_sensitive)); +} + dns_namereln_t dns_name_fullcompare(const dns_name_t *name1, const dns_name_t *name2, int *orderp, @@ -1807,7 +1822,7 @@ dns_name_totext(dns_name_t *name, isc_boolean_t omit_final_dot, count = 256; nlen--; len = snprintf(num, sizeof(num), "%u", count); - INSIST(len <= 4); + INSIST(len <= 4U); bytes = count / 8; if (count % 8 != 0) bytes++; @@ -1960,7 +1975,7 @@ dns_name_tofilenametext(dns_name_t *name, isc_boolean_t omit_final_dot, count = 256; nlen--; len = snprintf(num, sizeof(num), "%u", count); - INSIST(len <= 4); + INSIST(len <= 4U); bytes = count / 8; if (count % 8 != 0) bytes++; diff --git a/usr.sbin/bind/lib/dns/ncache.c b/usr.sbin/bind/lib/dns/ncache.c index 8ec80415d65..8ae87e5920f 100644 --- a/usr.sbin/bind/lib/dns/ncache.c +++ b/usr.sbin/bind/lib/dns/ncache.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: ncache.c,v 1.24.2.2 2002/02/08 03:57:29 marka Exp $ */ +/* $ISC: ncache.c,v 1.24.2.5 2003/09/17 05:20:01 marka Exp $ */ #include <config.h> @@ -249,6 +249,8 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, dns_rdataset_init(&ncrdataset); dns_rdatalist_tordataset(&ncrdatalist, &ncrdataset); ncrdataset.trust = trust; + if (message->rcode == dns_rcode_nxdomain) + ncrdataset.attributes |= DNS_RDATASETATTR_NXDOMAIN; return (dns_db_addrdataset(cache, node, NULL, now, &ncrdataset, 0, addedrdataset)); diff --git a/usr.sbin/bind/lib/dns/nxt.c b/usr.sbin/bind/lib/dns/nxt.c index 4a531ddf286..00c67f291cd 100644 --- a/usr.sbin/bind/lib/dns/nxt.c +++ b/usr.sbin/bind/lib/dns/nxt.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: nxt.c,v 1.26 2001/01/09 21:51:09 bwelling Exp $ */ +/* $ISC: nxt.c,v 1.26.2.2 2003/10/09 07:32:37 marka Exp $ */ #include <config.h> @@ -119,7 +119,7 @@ dns_nxt_buildrdata(dns_db_t *db, dns_dbversion_t *version, if (result != ISC_R_NOMORE) return (result); - r.length += ((max_type + 7) / 8); + r.length += max_type / 8 + 1; INSIST(r.length <= DNS_NXT_BUFFERSIZE); dns_rdata_fromregion(rdata, dns_db_class(db), diff --git a/usr.sbin/bind/lib/dns/rbt.c b/usr.sbin/bind/lib/dns/rbt.c index 3dd6ce5fc34..25ec29ca270 100644 --- a/usr.sbin/bind/lib/dns/rbt.c +++ b/usr.sbin/bind/lib/dns/rbt.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: rbt.c,v 1.115 2001/06/04 19:33:05 tale Exp $ */ +/* $ISC: rbt.c,v 1.115.2.2 2003/07/22 04:03:42 marka Exp $ */ /* Principal Authors: DCL */ @@ -1526,8 +1526,7 @@ dns_rbt_formatnodename(dns_rbtnode_t *node, char *printname, unsigned int size) if (result == ISC_R_SUCCESS) dns_name_format(name, printname, size); else - snprintf(printname, size, - "<error building name: %s>", + snprintf(printname, size, "<error building name: %s>", dns_result_totext(result)); return (printname); diff --git a/usr.sbin/bind/lib/dns/rbtdb.c b/usr.sbin/bind/lib/dns/rbtdb.c index a54adfbc197..0dfa06c90e4 100644 --- a/usr.sbin/bind/lib/dns/rbtdb.c +++ b/usr.sbin/bind/lib/dns/rbtdb.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: rbtdb.c,v 1.168.2.3 2002/08/05 06:57:11 marka Exp $ */ +/* $ISC: rbtdb.c,v 1.168.2.13 2003/10/17 05:39:44 marka Exp $ */ /* * Principal Author: Bob Halley @@ -84,7 +84,7 @@ typedef isc_uint32_t rbtdb_rdatatype_t; RBTDB_RDATATYPE_VALUE(dns_rdatatype_sig, dns_rdatatype_cname) #define RBTDB_RDATATYPE_SIGDNAME \ RBTDB_RDATATYPE_VALUE(dns_rdatatype_sig, dns_rdatatype_dname) -#define RBTDB_RDATATYPE_NXDOMAIN \ +#define RBTDB_RDATATYPE_NCACHEANY \ RBTDB_RDATATYPE_VALUE(0, dns_rdatatype_any) typedef struct rdatasetheader { @@ -108,6 +108,7 @@ typedef struct rdatasetheader { #define RDATASET_ATTR_STALE 0x0002 #define RDATASET_ATTR_IGNORE 0x0004 #define RDATASET_ATTR_RETAIN 0x0008 +#define RDATASET_ATTR_NXDOMAIN 0x0010 /* * XXX @@ -127,6 +128,8 @@ typedef struct rdatasetheader { (((header)->attributes & RDATASET_ATTR_IGNORE) != 0) #define RETAIN(header) \ (((header)->attributes & RDATASET_ATTR_RETAIN) != 0) +#define NXDOMAIN(header) \ + (((header)->attributes & RDATASET_ATTR_NXDOMAIN) != 0) #define DEFAULT_NODE_LOCK_COUNT 7 /* Should be prime. */ @@ -167,6 +170,7 @@ typedef struct { rbtdb_nodelock_t * node_locks; dns_rbtnode_t * origin_node; /* Locked by lock. */ + unsigned int active; isc_refcount_t references; unsigned int attributes; rbtdb_serial_t current_serial; @@ -369,9 +373,10 @@ free_rbtdb(dns_rbtdb_t *rbtdb) { } static inline void -maybe_free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t set_exiting) { - isc_boolean_t want_free = ISC_TRUE; +maybe_free_rbtdb(dns_rbtdb_t *rbtdb) { + isc_boolean_t want_free = ISC_FALSE; unsigned int i; + unsigned int inactive = 0; /* XXX check for open versions here */ @@ -381,15 +386,21 @@ maybe_free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t set_exiting) { */ for (i = 0; i < rbtdb->node_lock_count; i++) { LOCK(&rbtdb->node_locks[i].lock); - if (set_exiting) - rbtdb->node_locks[i].exiting = ISC_TRUE; - if (rbtdb->node_locks[i].references != 0) - want_free = ISC_FALSE; + rbtdb->node_locks[i].exiting = ISC_TRUE; + if (rbtdb->node_locks[i].references == 0) + inactive++; UNLOCK(&rbtdb->node_locks[i].lock); } - if (want_free) - free_rbtdb(rbtdb); + if (inactive != 0) { + LOCK(&rbtdb->lock); + rbtdb->active -= inactive; + if (rbtdb->active == 0) + want_free = ISC_TRUE; + UNLOCK(&rbtdb->lock); + if (want_free) + free_rbtdb(rbtdb); + } } static void @@ -402,7 +413,7 @@ detach(dns_db_t **dbp) { isc_refcount_decrement(&rbtdb->references, &refs); if (refs == 0) - maybe_free_rbtdb(rbtdb, ISC_TRUE); + maybe_free_rbtdb(rbtdb); *dbp = NULL; } @@ -792,10 +803,10 @@ no_references(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, * we only do a trylock. */ if (lock == isc_rwlocktype_read) - RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_read); - - result = isc_rwlock_trylock(&rbtdb->tree_lock, - isc_rwlocktype_write); + result = isc_rwlock_tryupgrade(&rbtdb->tree_lock); + else + result = isc_rwlock_trylock(&rbtdb->tree_lock, + isc_rwlocktype_write); RUNTIME_CHECK(result == ISC_R_SUCCESS || result == ISC_R_LOCKBUSY); @@ -826,12 +837,13 @@ no_references(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, /* * Relock a read lock, or unlock the write lock if no lock was held. */ - if (lock != isc_rwlocktype_write) + if (lock == isc_rwlocktype_none) if (write_locked) RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_write); if (lock == isc_rwlocktype_read) - RWLOCK(&rbtdb->tree_lock, isc_rwlocktype_read); + if (write_locked) + isc_rwlock_downgrade(&rbtdb->tree_lock); } static inline void @@ -1064,6 +1076,34 @@ add_wildcard_magic(dns_rbtdb_t *rbtdb, dns_name_t *name) { } static isc_result_t +add_empty_wildcards(dns_rbtdb_t *rbtdb, dns_name_t *name) { + isc_result_t result; + dns_name_t foundname; + dns_offsets_t offsets; + unsigned int n, l, i; + + dns_name_init(&foundname, offsets); + n = dns_name_countlabels(name); + l = dns_name_countlabels(&rbtdb->common.origin); + i = l + 1; + while (i < n) { + dns_rbtnode_t *node = NULL; /* dummy */ + dns_name_getlabelsequence(name, n - i, i, &foundname); + if (dns_name_iswildcard(&foundname)) { + result = add_wildcard_magic(rbtdb, &foundname); + if (result != ISC_R_SUCCESS) + return (result); + result = dns_rbt_addnode(rbtdb->tree, &foundname, + &node); + if (result != ISC_R_SUCCESS && result != ISC_R_EXISTS) + return (result); + } + i++; + } + return (ISC_R_SUCCESS); +} + +static isc_result_t findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create, dns_dbnode_t **nodep) { @@ -1103,6 +1143,8 @@ findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create, node->locknum = dns_name_hash(&nodename, ISC_TRUE) % rbtdb->node_lock_count; #endif + add_empty_wildcards(rbtdb, name); + if (dns_name_iswildcard(name)) { result = add_wildcard_magic(rbtdb, name); if (result != ISC_R_SUCCESS) { @@ -1287,6 +1329,8 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdataset->covers = RBTDB_RDATATYPE_EXT(header->type); rdataset->ttl = header->ttl - now; rdataset->trust = header->trust; + if (NXDOMAIN(header)) + rdataset->attributes |= DNS_RDATASETATTR_NXDOMAIN; rdataset->private1 = rbtdb; rdataset->private2 = node; raw = (unsigned char *)header + sizeof(*header); @@ -1295,7 +1339,7 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, /* * Reset iterator state. */ - rdataset->private4 = NULL; + rdataset->privateuint4 = 0; rdataset->private5 = NULL; } @@ -1411,8 +1455,171 @@ valid_glue(rbtdb_search_t *search, dns_name_t *name, rbtdb_rdatatype_t type, return (valid); } +static inline isc_boolean_t +activeempty(rbtdb_search_t *search, dns_rbtnodechain_t *chain, + dns_name_t *name) +{ + dns_fixedname_t fnext; + dns_fixedname_t forigin; + dns_name_t *next; + dns_name_t *origin; + dns_name_t prefix; + dns_rbtdb_t *rbtdb; + dns_rbtnode_t *node; + isc_result_t result; + isc_boolean_t answer = ISC_FALSE; + rdatasetheader_t *header; + + rbtdb = search->rbtdb; + + dns_name_init(&prefix, NULL); + dns_fixedname_init(&fnext); + next = dns_fixedname_name(&fnext); + dns_fixedname_init(&forigin); + origin = dns_fixedname_name(&forigin); + + result = dns_rbtnodechain_next(chain, NULL, NULL); + while (result == ISC_R_SUCCESS || result == DNS_R_NEWORIGIN) { + node = NULL; + result = dns_rbtnodechain_current(chain, &prefix, + origin, &node); + if (result != ISC_R_SUCCESS) + break; + LOCK(&(rbtdb->node_locks[node->locknum].lock)); + for (header = node->data; + header != NULL; + header = header->next) { + if (header->serial <= search->serial && + !IGNORE(header) && EXISTS(header)) + break; + } + UNLOCK(&(rbtdb->node_locks[node->locknum].lock)); + if (header != NULL) + break; + result = dns_rbtnodechain_next(chain, NULL, NULL); + } + if (result == ISC_R_SUCCESS) + result = dns_name_concatenate(&prefix, origin, next, NULL); + if (result == ISC_R_SUCCESS && dns_name_issubdomain(next, name)) + answer = ISC_TRUE; + return (answer); +} + +static inline isc_boolean_t +activeemtpynode(rbtdb_search_t *search, dns_name_t *qname, dns_name_t *wname) { + dns_fixedname_t fnext; + dns_fixedname_t forigin; + dns_fixedname_t fprev; + dns_name_t *next; + dns_name_t *origin; + dns_name_t *prev; + dns_name_t name; + dns_name_t rname; + dns_name_t tname; + dns_rbtdb_t *rbtdb; + dns_rbtnode_t *node; + dns_rbtnodechain_t chain; + isc_boolean_t check_next = ISC_TRUE; + isc_boolean_t check_prev = ISC_TRUE; + isc_boolean_t answer = ISC_FALSE; + isc_result_t result; + rdatasetheader_t *header; + unsigned int n; + + rbtdb = search->rbtdb; + + dns_name_init(&name, NULL); + dns_name_init(&tname, NULL); + dns_name_init(&rname, NULL); + dns_fixedname_init(&fnext); + next = dns_fixedname_name(&fnext); + dns_fixedname_init(&fprev); + prev = dns_fixedname_name(&fprev); + dns_fixedname_init(&forigin); + origin = dns_fixedname_name(&forigin); + + /* + * Find if qname is at or below a empty node. + * Use our own copy of the chain. + */ + + chain = search->chain; + do { + node = NULL; + result = dns_rbtnodechain_current(&chain, &name, + origin, &node); + if (result != ISC_R_SUCCESS) + break; + LOCK(&(rbtdb->node_locks[node->locknum].lock)); + for (header = node->data; + header != NULL; + header = header->next) { + if (header->serial <= search->serial && + !IGNORE(header) && EXISTS(header)) + break; + } + UNLOCK(&(rbtdb->node_locks[node->locknum].lock)); + if (header != NULL) + break; + result = dns_rbtnodechain_prev(&chain, NULL, NULL); + } while (result == ISC_R_SUCCESS || result == DNS_R_NEWORIGIN); + if (result == ISC_R_SUCCESS) + result = dns_name_concatenate(&name, origin, prev, NULL); + if (result != ISC_R_SUCCESS) + check_prev = ISC_FALSE; + + result = dns_rbtnodechain_next(&chain, NULL, NULL); + while (result == ISC_R_SUCCESS || result == DNS_R_NEWORIGIN) { + node = NULL; + result = dns_rbtnodechain_current(&chain, &name, + origin, &node); + if (result != ISC_R_SUCCESS) + break; + LOCK(&(rbtdb->node_locks[node->locknum].lock)); + for (header = node->data; + header != NULL; + header = header->next) { + if (header->serial <= search->serial && + !IGNORE(header) && EXISTS(header)) + break; + } + UNLOCK(&(rbtdb->node_locks[node->locknum].lock)); + if (header != NULL) + break; + result = dns_rbtnodechain_next(&chain, NULL, NULL); + } + if (result == ISC_R_SUCCESS) + result = dns_name_concatenate(&name, origin, next, NULL); + if (result != ISC_R_SUCCESS) + check_next = ISC_FALSE; + + dns_name_clone(qname, &rname); + + /* + * Remove the wildcard label to find the terminal name. + */ + n = dns_name_countlabels(wname); + dns_name_getlabelsequence(wname, 1, n - 1, &tname); + + do { + if ((check_prev && dns_name_issubdomain(prev, &rname)) || + (check_next && dns_name_issubdomain(next, &rname))) { + answer = ISC_TRUE; + break; + } + /* + * Remove the left hand label. + */ + n = dns_name_countlabels(&rname); + dns_name_getlabelsequence(&rname, 1, n - 1, &rname); + } while (!dns_name_equal(&rname, &tname)); + return (answer); +} + static inline isc_result_t -find_wildcard(rbtdb_search_t *search, dns_rbtnode_t **nodep) { +find_wildcard(rbtdb_search_t *search, dns_rbtnode_t **nodep, + dns_name_t *qname) +{ unsigned int i, j; dns_rbtnode_t *node, *level_node, *wnode; rdatasetheader_t *header; @@ -1422,6 +1629,7 @@ find_wildcard(rbtdb_search_t *search, dns_rbtnode_t **nodep) { dns_fixedname_t fwname; dns_rbtdb_t *rbtdb; isc_boolean_t done, wild, active; + dns_rbtnodechain_t wchain; /* * Caller must be holding the tree lock and MUST NOT be holding @@ -1495,8 +1703,9 @@ find_wildcard(rbtdb_search_t *search, dns_rbtnode_t **nodep) { break; wnode = NULL; + dns_rbtnodechain_init(&wchain, NULL); result = dns_rbt_findnode(rbtdb->tree, wname, - NULL, &wnode, NULL, + NULL, &wnode, &wchain, DNS_RBTFIND_EMPTYDATA, NULL, NULL); if (result == ISC_R_SUCCESS) { @@ -1514,7 +1723,10 @@ find_wildcard(rbtdb_search_t *search, dns_rbtnode_t **nodep) { break; } UNLOCK(&(rbtdb->node_locks[wnode->locknum].lock)); - if (header != NULL) { + if (header != NULL || + activeempty(search, &wchain, wname)) { + if (activeemtpynode(search, qname, wname)) + return (ISC_R_NOTFOUND); /* * The wildcard node is active! * @@ -1704,6 +1916,9 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, rdatasetheader_t *header, *header_next, *found, *nxtheader; rdatasetheader_t *foundsig, *cnamesig, *nxtsig; rbtdb_rdatatype_t sigtype; + isc_boolean_t active; + dns_rbtnodechain_t chain; + search.rbtdb = (dns_rbtdb_t *)db; @@ -1765,7 +1980,7 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, * we must see if there's a matching wildcard active * in the current version. */ - result = find_wildcard(&search, &node); + result = find_wildcard(&search, &node, name); if (result == ISC_R_SUCCESS) { result = dns_name_copy(name, foundname, NULL); if (result != ISC_R_SUCCESS) @@ -1777,6 +1992,9 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, goto tree_exit; } + chain = search.chain; + active = activeempty(&search, &chain, name); + /* * If we're here, then the name does not exist, is not * beneath a zonecut, and there's no matching wildcard. @@ -1785,9 +2003,10 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, result = find_closest_nxt(&search, nodep, foundname, rdataset, sigrdataset); if (result == ISC_R_SUCCESS) - result = DNS_R_NXDOMAIN; + result = active ? DNS_R_EMPTYNAME : + DNS_R_NXDOMAIN; } else - result = DNS_R_NXDOMAIN; + result = active ? DNS_R_EMPTYNAME : DNS_R_NXDOMAIN; goto tree_exit; } else if (result != ISC_R_SUCCESS) goto tree_exit; @@ -1970,14 +2189,11 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, * active rdatasets in the desired version. That means that * this node doesn't exist in the desired version, and that * we really have a partial match. - * - * If the node is the result of a wildcard match, then - * it must be active in the desired version, and hence - * empty_node should never be true. We INSIST upon it. */ - INSIST(!wild); - UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock)); - goto partial_match; + if (!wild) { + UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock)); + goto partial_match; + } } /* @@ -1995,30 +2211,37 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, result = setup_delegation(&search, nodep, foundname, rdataset, sigrdataset); goto tree_exit; - } else { + } + /* + * The desired type doesn't exist. + */ + result = DNS_R_NXRRSET; + if (search.rbtdb->secure && + (nxtheader == NULL || nxtsig == NULL)) { /* - * The desired type doesn't exist. + * The zone is secure but there's no NXT, + * or the NXT has no signature! */ - result = DNS_R_NXRRSET; - if (search.rbtdb->secure && - (nxtheader == NULL || nxtsig == NULL)) { - /* - * The zone is secure but there's no NXT, - * or the NXT has no signature! - */ + if (!wild) { result = DNS_R_BADDB; goto node_exit; } - if (nodep != NULL) { - new_reference(search.rbtdb, node); - *nodep = node; - } - if (search.rbtdb->secure) { - bind_rdataset(search.rbtdb, node, nxtheader, - 0, rdataset); - bind_rdataset(search.rbtdb, node, nxtsig, - 0, sigrdataset); - } + UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock)); + result = find_closest_nxt(&search, nodep, foundname, + rdataset, sigrdataset); + if (result == ISC_R_SUCCESS) + result = DNS_R_EMPTYWILD; + goto tree_exit; + } + if (nodep != NULL) { + new_reference(search.rbtdb, node); + *nodep = node; + } + if (search.rbtdb->secure) { + bind_rdataset(search.rbtdb, node, nxtheader, + 0, rdataset); + bind_rdataset(search.rbtdb, node, nxtsig, + 0, sigrdataset); } goto node_exit; } @@ -2510,7 +2733,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, * target type. Remember it. */ foundsig = header; - } else if (header->type == RBTDB_RDATATYPE_NXDOMAIN || + } else if (header->type == RBTDB_RDATATYPE_NCACHEANY || header->type == nxtype) { /* * We've found a negative cache entry. @@ -2598,7 +2821,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, /* * We found a negative cache entry. */ - if (found->type == RBTDB_RDATATYPE_NXDOMAIN) + if (NXDOMAIN(found)) result = DNS_R_NCACHENXDOMAIN; else result = DNS_R_NCACHENXRRSET; @@ -2618,7 +2841,8 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, result = ISC_R_SUCCESS; } - if (type != dns_rdatatype_any || result == DNS_R_NCACHENXDOMAIN) { + if (type != dns_rdatatype_any || result == DNS_R_NCACHENXDOMAIN || + result == DNS_R_NCACHENXRRSET) { bind_rdataset(search.rbtdb, node, found, search.now, rdataset); if (foundsig != NULL) @@ -2813,7 +3037,8 @@ static void detachnode(dns_db_t *db, dns_dbnode_t **targetp) { dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)db; dns_rbtnode_t *node; - isc_boolean_t maybe_free = ISC_FALSE; + isc_boolean_t want_free = ISC_FALSE; + isc_boolean_t inactive = ISC_FALSE; unsigned int locknum; REQUIRE(VALID_RBTDB(rbtdb)); @@ -2830,15 +3055,22 @@ detachnode(dns_db_t *db, dns_dbnode_t **targetp) { no_references(rbtdb, node, 0, isc_rwlocktype_none); if (rbtdb->node_locks[locknum].references == 0 && rbtdb->node_locks[locknum].exiting) - maybe_free = ISC_TRUE; + inactive = ISC_TRUE; } UNLOCK(&rbtdb->node_locks[locknum].lock); *targetp = NULL; - if (maybe_free) - maybe_free_rbtdb(rbtdb, ISC_FALSE); + if (inactive) { + LOCK(&rbtdb->lock); + rbtdb->active--; + if (rbtdb->active == 0) + want_free = ISC_TRUE; + UNLOCK(&rbtdb->lock); + if (want_free) + free_rbtdb(rbtdb); + } } static isc_result_t @@ -3140,7 +3372,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, 0) { if (header->type == matchtype) found = header; - else if (header->type == RBTDB_RDATATYPE_NXDOMAIN || + else if (header->type == RBTDB_RDATATYPE_NCACHEANY || header->type == nxtype) found = header; else if (header->type == sigmatchtype) @@ -3163,7 +3395,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, /* * We found a negative cache entry. */ - if (found->type == RBTDB_RDATATYPE_NXDOMAIN) + if (NXDOMAIN(found)) result = DNS_R_NCACHENXDOMAIN; else result = DNS_R_NCACHENXRRSET; @@ -3391,8 +3623,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, for (topheader = rbtnode->data; topheader != NULL; topheader = topheader->next) { - if (topheader->type == - RBTDB_RDATATYPE_NXDOMAIN) + if (NXDOMAIN(topheader)) break; } if (topheader != NULL && EXISTS(topheader) && @@ -3516,6 +3747,52 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, return (result); } } + /* + * Don't replace existing NS, A and AAAA RRsets + * in the cache if they are already exist. This + * prevents named being locked to old servers. + */ + if (IS_CACHE(rbtdb) && header->ttl > now && + header->type == dns_rdatatype_ns && + !header_nx && !newheader_nx && + header->trust == newheader->trust && + dns_rdataslab_equalx((unsigned char *)header, + (unsigned char *)newheader, + (unsigned int)(sizeof(*newheader)), + rbtdb->common.rdclass, + (dns_rdatatype_t)header->type)) { + /* + * Honour the new ttl if it is less than the + * older one. + */ + if (header->ttl > newheader->ttl) + header->ttl = newheader->ttl; + free_rdataset(rbtdb->common.mctx, newheader); + if (addedrdataset != NULL) + bind_rdataset(rbtdb, rbtnode, header, now, + addedrdataset); + return (ISC_R_SUCCESS); + } + if (IS_CACHE(rbtdb) && header->ttl > now && + (header->type == dns_rdatatype_a || + header->type == dns_rdatatype_aaaa) && + !header_nx && !newheader_nx && + header->trust == newheader->trust && + dns_rdataslab_equal((unsigned char *)header, + (unsigned char *)newheader, + (unsigned int)(sizeof(*newheader)))) { + /* + * Honour the new ttl if it is less than the + * older one. + */ + if (header->ttl > newheader->ttl) + header->ttl = newheader->ttl; + free_rdataset(rbtdb->common.mctx, newheader); + if (addedrdataset != NULL) + bind_rdataset(rbtdb, rbtnode, header, now, + addedrdataset); + return (ISC_R_SUCCESS); + } INSIST(rbtversion == NULL || rbtversion->serial >= topheader->serial); if (topheader_prev != NULL) @@ -3653,6 +3930,8 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, } else { newheader->serial = 1; newheader->trust = rdataset->trust; + if ((rdataset->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0) + newheader->attributes |= RDATASET_ATTR_NXDOMAIN; } /* @@ -3881,6 +4160,8 @@ loading_addrdataset(void *arg, dns_name_t *name, dns_rdataset_t *rdataset) { !IS_CACHE(rbtdb) && !dns_name_equal(name, &rbtdb->common.origin)) return (DNS_R_NOTZONETOP); + add_empty_wildcards(rbtdb, name); + if (dns_name_iswildcard(name)) { /* * NS record owners cannot legally be wild cards. @@ -4223,6 +4504,7 @@ dns_rbtdb_create rbtdb->node_lock_count = DEFAULT_NODE_LOCK_COUNT; rbtdb->node_locks = isc_mem_get(mctx, rbtdb->node_lock_count * sizeof (rbtdb_nodelock_t)); + rbtdb->active = rbtdb->node_lock_count; for (i = 0; i < (int)(rbtdb->node_lock_count); i++) { result = isc_mutex_init(&rbtdb->node_locks[i].lock); if (result != ISC_R_SUCCESS) { @@ -4365,12 +4647,12 @@ rdataset_first(dns_rdataset_t *rdataset) { } raw += 2; /* - * The private4 field is the number of rdata beyond the cursor + * The privateuint4 field is the number of rdata beyond the cursor * position, so we decrement the total count by one before storing * it. */ count--; - rdataset->private4 = (void *)count; + rdataset->privateuint4 = count; rdataset->private5 = raw; return (ISC_R_SUCCESS); @@ -4382,11 +4664,11 @@ rdataset_next(dns_rdataset_t *rdataset) { unsigned int length; unsigned char *raw; - count = (unsigned int)rdataset->private4; + count = rdataset->privateuint4; if (count == 0) return (ISC_R_NOMORE); count--; - rdataset->private4 = (void *)count; + rdataset->privateuint4 = count; raw = rdataset->private5; length = raw[0] * 256 + raw[1]; raw += length + 2; @@ -4420,7 +4702,7 @@ rdataset_clone(dns_rdataset_t *source, dns_rdataset_t *target) { /* * Reset iterator state. */ - target->private4 = NULL; + target->privateuint4 = 0; target->private5 = NULL; } @@ -4702,6 +4984,7 @@ static void dbiterator_destroy(dns_dbiterator_t **iteratorp) { rbtdb_dbiterator_t *rbtdbiter = (rbtdb_dbiterator_t *)(*iteratorp); dns_rbtdb_t *rbtdb = (dns_rbtdb_t *)rbtdbiter->common.db; + dns_db_t *db = NULL; if (rbtdbiter->tree_locked == isc_rwlocktype_read) { RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_read); @@ -4713,10 +4996,12 @@ dbiterator_destroy(dns_dbiterator_t **iteratorp) { flush_deletions(rbtdbiter); + dns_db_attach(rbtdbiter->common.db, &db); dns_db_detach(&rbtdbiter->common.db); dns_rbtnodechain_reset(&rbtdbiter->chain); - isc_mem_put(rbtdb->common.mctx, rbtdbiter, sizeof *rbtdbiter); + isc_mem_put(db->mctx, rbtdbiter, sizeof(*rbtdbiter)); + dns_db_detach(&db); *iteratorp = NULL; } diff --git a/usr.sbin/bind/lib/dns/rdata.c b/usr.sbin/bind/lib/dns/rdata.c index 3fddd4ea445..0b8838d72bb 100644 --- a/usr.sbin/bind/lib/dns/rdata.c +++ b/usr.sbin/bind/lib/dns/rdata.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1998-2002 Internet Software Consortium. + * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: rdata.c,v 1.147.2.7 2002/03/27 23:52:33 marka Exp $ */ +/* $ISC: rdata.c,v 1.147.2.11 2003/07/30 01:04:15 marka Exp $ */ #include <config.h> #include <ctype.h> @@ -620,7 +620,7 @@ unknown_fromtext(dns_rdataclass_t rdclass, dns_rdatatype_t type, result = isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE); - if (result == ISC_R_SUCCESS && token.value.as_ulong > 65535) + if (result == ISC_R_SUCCESS && token.value.as_ulong > 65535U) return (ISC_R_RANGE); result = isc_buffer_allocate(mctx, &buf, token.value.as_ulong); if (result != ISC_R_SUCCESS) @@ -759,7 +759,7 @@ rdata_totext(dns_rdata_t *rdata, dns_rdata_textctx_t *tctx, { isc_result_t result = ISC_R_NOTIMPLEMENTED; isc_boolean_t use_default = ISC_FALSE; - char buf[sizeof "65536"]; + char buf[sizeof("65536")]; isc_region_t sr; REQUIRE(rdata != NULL); @@ -952,10 +952,9 @@ dns_rdata_digest(dns_rdata_t *rdata, dns_digestfunc_t digest, void *arg) { unsigned int dns_rdatatype_attributes(dns_rdatatype_t type) { - if (type > 255) - return (DNS_RDATATYPEATTR_UNKNOWN); - - return (typeattr[type].flags); + if (type < (sizeof(typeattr)/sizeof(typeattr[0]))) + return (typeattr[type].flags); + return (DNS_RDATATYPEATTR_UNKNOWN); } #define NUMBERSIZE sizeof("037777777777") /* 2^32-1 octal + NUL */ @@ -1083,7 +1082,7 @@ dns_rdataclass_fromtext(dns_rdataclass_t *classp, isc_textregion_t *source) { isc_result_t dns_rdataclass_totext(dns_rdataclass_t rdclass, isc_buffer_t *target) { - char buf[sizeof("CLASS65536")]; + char buf[sizeof("CLASS65535")]; switch (rdclass) { case dns_rdataclass_any: @@ -1170,14 +1169,12 @@ dns_rdatatype_fromtext(dns_rdatatype_t *typep, isc_textregion_t *source) { isc_result_t dns_rdatatype_totext(dns_rdatatype_t type, isc_buffer_t *target) { - char buf[sizeof "TYPE65536"]; + char buf[sizeof("TYPE65536")]; - if (type > 255) { - snprintf(buf, sizeof buf, "TYPE%u", type); - return (str_totext(buf, target)); - } - - return (str_totext(typeattr[type].name, target)); + if (type < (sizeof(typeattr)/sizeof(typeattr[0]))) + return (str_totext(typeattr[type].name, target)); + snprintf(buf, sizeof buf, "TYPE%u", type); + return (str_totext(buf, target)); } void @@ -1818,7 +1815,7 @@ atob_tobuffer(isc_lex_t *lexer, isc_buffer_t *target) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if ((token.value.as_ulong % 4) != 0) + if ((token.value.as_ulong % 4) != 0U) isc_buffer_subtract(target, 4 - (token.value.as_ulong % 4)); /* @@ -2053,7 +2050,6 @@ dns_rdatatype_questiononly(dns_rdatatype_t type) { isc_boolean_t dns_rdataclass_ismeta(dns_rdataclass_t rdclass) { - REQUIRE(rdclass < 65536); if (rdclass == dns_rdataclass_reserved0 || rdclass == dns_rdataclass_none diff --git a/usr.sbin/bind/lib/dns/rdata/any_255/tsig_250.c b/usr.sbin/bind/lib/dns/rdata/any_255/tsig_250.c index 063f7bec37e..890e2afe8ca 100644 --- a/usr.sbin/bind/lib/dns/rdata/any_255/tsig_250.c +++ b/usr.sbin/bind/lib/dns/rdata/any_255/tsig_250.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: tsig_250.c,v 1.52 2001/07/16 03:05:58 marka Exp $ */ +/* $ISC: tsig_250.c,v 1.52.2.2 2003/10/09 07:32:41 marka Exp $ */ /* Reviewed: Thu Mar 16 13:39:43 PST 2000 by gson */ @@ -70,7 +70,7 @@ fromtext_any_tsig(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); @@ -79,7 +79,7 @@ fromtext_any_tsig(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); @@ -93,7 +93,7 @@ fromtext_any_tsig(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); @@ -119,7 +119,7 @@ fromtext_any_tsig(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); diff --git a/usr.sbin/bind/lib/dns/rdata/generic/afsdb_18.c b/usr.sbin/bind/lib/dns/rdata/generic/afsdb_18.c index 71c0fe51cab..5071f12cccf 100644 --- a/usr.sbin/bind/lib/dns/rdata/generic/afsdb_18.c +++ b/usr.sbin/bind/lib/dns/rdata/generic/afsdb_18.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: afsdb_18.c,v 1.39 2001/07/16 03:06:00 marka Exp $ */ +/* $ISC: afsdb_18.c,v 1.39.2.2 2003/10/09 07:32:42 marka Exp $ */ /* Reviewed: Wed Mar 15 14:59:00 PST 2000 by explorer */ @@ -43,7 +43,7 @@ fromtext_afsdb(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); diff --git a/usr.sbin/bind/lib/dns/rdata/generic/cert_37.c b/usr.sbin/bind/lib/dns/rdata/generic/cert_37.c index 2485a82d11a..5b5bafc78af 100644 --- a/usr.sbin/bind/lib/dns/rdata/generic/cert_37.c +++ b/usr.sbin/bind/lib/dns/rdata/generic/cert_37.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: cert_37.c,v 1.40 2001/07/16 03:06:01 marka Exp $ */ +/* $ISC: cert_37.c,v 1.40.2.2 2003/10/09 07:32:42 marka Exp $ */ /* Reviewed: Wed Mar 15 21:14:32 EST 2000 by tale */ @@ -53,7 +53,7 @@ fromtext_cert(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); diff --git a/usr.sbin/bind/lib/dns/rdata/generic/loc_29.c b/usr.sbin/bind/lib/dns/rdata/generic/loc_29.c index 09c4036df72..1fffee76acd 100644 --- a/usr.sbin/bind/lib/dns/rdata/generic/loc_29.c +++ b/usr.sbin/bind/lib/dns/rdata/generic/loc_29.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: loc_29.c,v 1.30.2.2 2002/08/05 06:57:14 marka Exp $ */ +/* $ISC: loc_29.c,v 1.30.2.4 2003/10/09 07:32:42 marka Exp $ */ /* Reviewed: Wed Mar 15 18:13:09 PST 2000 by explorer */ @@ -73,7 +73,7 @@ fromtext_loc(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 90) + if (token.value.as_ulong > 90U) RETTOK(ISC_R_RANGE); d1 = (int)token.value.as_ulong; /* @@ -142,7 +142,7 @@ fromtext_loc(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 180) + if (token.value.as_ulong > 180U) RETTOK(ISC_R_RANGE); d2 = (int)token.value.as_ulong; @@ -511,7 +511,7 @@ totext_loc(ARGS_TOTEXT) { altitude = uint32_fromregion(&sr); isc_region_consume(&sr, 4); - if (altitude < 10000000) { + if (altitude < 10000000U) { below = ISC_TRUE; altitude = 10000000 - altitude; } else { diff --git a/usr.sbin/bind/lib/dns/rdata/generic/mx_15.c b/usr.sbin/bind/lib/dns/rdata/generic/mx_15.c index 8e2806868aa..cb39914efb9 100644 --- a/usr.sbin/bind/lib/dns/rdata/generic/mx_15.c +++ b/usr.sbin/bind/lib/dns/rdata/generic/mx_15.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1998-2001 Internet Software Consortium. + * Copyright (C) 1998-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: mx_15.c,v 1.48 2001/07/16 03:06:19 marka Exp $ */ +/* $ISC: mx_15.c,v 1.48.2.2 2003/10/09 07:32:42 marka Exp $ */ /* reviewed: Wed Mar 15 18:05:46 PST 2000 by brister */ @@ -38,7 +38,7 @@ fromtext_mx(ARGS_FROMTEXT) { RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); diff --git a/usr.sbin/bind/lib/dns/rdata/generic/nxt_30.c b/usr.sbin/bind/lib/dns/rdata/generic/nxt_30.c index 95854befba5..1da8d782a8a 100644 --- a/usr.sbin/bind/lib/dns/rdata/generic/nxt_30.c +++ b/usr.sbin/bind/lib/dns/rdata/generic/nxt_30.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: nxt_30.c,v 1.49 2001/07/16 03:06:23 marka Exp $ */ +/* $ISC: nxt_30.c,v 1.49.2.2 2003/07/22 04:03:46 marka Exp $ */ /* reviewed: Wed Mar 15 18:21:15 PST 2000 by brister */ @@ -143,9 +143,9 @@ fromwire_nxt(ARGS_FROMWIRE) { RETERR(dns_name_fromwire(&name, source, dctx, downcase, target)); isc_buffer_activeregion(source, &sr); - /* XXXRTH Enforce RFC 2535 length rules if bit 0 is not set. */ - if (sr.length > 8 * 1024) - return (DNS_R_EXTRADATA); + if (sr.length > 0 && (sr.base[0] & 0x80) == 0 && + ((sr.length > 16) || sr.base[sr.length - 1] == 0)) + return (DNS_R_BADBITMAP); RETERR(mem_tobuffer(target, sr.base, sr.length)); isc_buffer_forward(source, sr.length); return (ISC_R_SUCCESS); @@ -207,6 +207,10 @@ fromstruct_nxt(ARGS_FROMSTRUCT) { REQUIRE(nxt->common.rdtype == type); REQUIRE(nxt->common.rdclass == rdclass); REQUIRE(nxt->typebits != NULL || nxt->len == 0); + if (nxt->typebits != NULL && (nxt->typebits[0] & 0x80) == 0) { + REQUIRE(nxt->len <= 16); + REQUIRE(nxt->typebits[nxt->len - 1] != 0); + } UNUSED(type); UNUSED(rdclass); diff --git a/usr.sbin/bind/lib/dns/rdata/generic/rt_21.c b/usr.sbin/bind/lib/dns/rdata/generic/rt_21.c index a3c02d3b725..a8ed673582a 100644 --- a/usr.sbin/bind/lib/dns/rdata/generic/rt_21.c +++ b/usr.sbin/bind/lib/dns/rdata/generic/rt_21.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: rt_21.c,v 1.37 2001/07/16 03:06:28 marka Exp $ */ +/* $ISC: rt_21.c,v 1.37.2.2 2003/10/09 07:32:42 marka Exp $ */ /* reviewed: Thu Mar 16 15:02:31 PST 2000 by brister */ @@ -40,7 +40,7 @@ fromtext_rt(ARGS_FROMTEXT) { RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); diff --git a/usr.sbin/bind/lib/dns/rdata/generic/sig_24.c b/usr.sbin/bind/lib/dns/rdata/generic/sig_24.c index 6c6ce9dad4d..e408d4826ab 100644 --- a/usr.sbin/bind/lib/dns/rdata/generic/sig_24.c +++ b/usr.sbin/bind/lib/dns/rdata/generic/sig_24.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: sig_24.c,v 1.54 2001/07/16 03:06:29 marka Exp $ */ +/* $ISC: sig_24.c,v 1.54.2.2 2003/10/09 07:32:43 marka Exp $ */ /* Reviewed: Fri Mar 17 09:05:02 PST 2000 by gson */ @@ -73,7 +73,7 @@ fromtext_sig(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xff) + if (token.value.as_ulong > 0xffU) RETTOK(ISC_R_RANGE); c = (unsigned char)token.value.as_ulong; RETERR(mem_tobuffer(target, &c, 1)); diff --git a/usr.sbin/bind/lib/dns/rdata/generic/tkey_249.c b/usr.sbin/bind/lib/dns/rdata/generic/tkey_249.c index 83efe2e9425..d323bb46f6a 100644 --- a/usr.sbin/bind/lib/dns/rdata/generic/tkey_249.c +++ b/usr.sbin/bind/lib/dns/rdata/generic/tkey_249.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: tkey_249.c,v 1.48 2001/07/16 03:06:32 marka Exp $ */ +/* $ISC: tkey_249.c,v 1.48.2.2 2003/10/09 07:32:43 marka Exp $ */ /* * Reviewed: Thu Mar 16 17:35:30 PST 2000 by halley. @@ -73,7 +73,7 @@ fromtext_tkey(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); @@ -99,7 +99,7 @@ fromtext_tkey(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); @@ -113,7 +113,7 @@ fromtext_tkey(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); @@ -221,7 +221,7 @@ totext_tkey(ARGS_TOTEXT) { * Other Data. */ REQUIRE(n <= sr.length); - if (n != 0) { + if (n != 0U) { dr = sr; dr.length = n; if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) diff --git a/usr.sbin/bind/lib/dns/rdata/in_1/a6_38.c b/usr.sbin/bind/lib/dns/rdata/in_1/a6_38.c index 959cae624fc..f3d2103962f 100644 --- a/usr.sbin/bind/lib/dns/rdata/in_1/a6_38.c +++ b/usr.sbin/bind/lib/dns/rdata/in_1/a6_38.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: a6_38.c,v 1.46 2001/07/26 21:34:00 gson Exp $ */ +/* $ISC: a6_38.c,v 1.46.2.2 2003/10/09 07:32:44 marka Exp $ */ /* RFC2874 */ @@ -48,7 +48,7 @@ fromtext_in_a6(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 128) + if (token.value.as_ulong > 128U) RETTOK(ISC_R_RANGE); prefixlen = (unsigned char)token.value.as_ulong; diff --git a/usr.sbin/bind/lib/dns/rdata/in_1/kx_36.c b/usr.sbin/bind/lib/dns/rdata/in_1/kx_36.c index 4280e7792cf..e4926fa5f96 100644 --- a/usr.sbin/bind/lib/dns/rdata/in_1/kx_36.c +++ b/usr.sbin/bind/lib/dns/rdata/in_1/kx_36.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: kx_36.c,v 1.37 2001/07/16 03:06:43 marka Exp $ */ +/* $ISC: kx_36.c,v 1.37.2.2 2003/10/09 07:32:44 marka Exp $ */ /* Reviewed: Thu Mar 16 17:24:54 PST 2000 by explorer */ @@ -41,7 +41,7 @@ fromtext_in_kx(ARGS_FROMTEXT) { RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); diff --git a/usr.sbin/bind/lib/dns/rdata/in_1/naptr_35.c b/usr.sbin/bind/lib/dns/rdata/in_1/naptr_35.c index 977faf28b40..b33ebb147e1 100644 --- a/usr.sbin/bind/lib/dns/rdata/in_1/naptr_35.c +++ b/usr.sbin/bind/lib/dns/rdata/in_1/naptr_35.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: naptr_35.c,v 1.43 2001/07/16 03:06:44 marka Exp $ */ +/* $ISC: naptr_35.c,v 1.43.2.2 2003/10/09 07:32:44 marka Exp $ */ /* Reviewed: Thu Mar 16 16:52:50 PST 2000 by bwelling */ @@ -44,7 +44,7 @@ fromtext_in_naptr(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); @@ -53,7 +53,7 @@ fromtext_in_naptr(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); diff --git a/usr.sbin/bind/lib/dns/rdata/in_1/px_26.c b/usr.sbin/bind/lib/dns/rdata/in_1/px_26.c index d9f06b2fe6f..f21f93d241c 100644 --- a/usr.sbin/bind/lib/dns/rdata/in_1/px_26.c +++ b/usr.sbin/bind/lib/dns/rdata/in_1/px_26.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: px_26.c,v 1.34 2001/07/16 03:06:48 marka Exp $ */ +/* $ISC: px_26.c,v 1.34.2.2 2003/10/09 07:32:45 marka Exp $ */ /* Reviewed: Mon Mar 20 10:44:27 PST 2000 */ @@ -44,7 +44,7 @@ fromtext_in_px(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); diff --git a/usr.sbin/bind/lib/dns/rdata/in_1/srv_33.c b/usr.sbin/bind/lib/dns/rdata/in_1/srv_33.c index 06f628838b5..a2ee550b344 100644 --- a/usr.sbin/bind/lib/dns/rdata/in_1/srv_33.c +++ b/usr.sbin/bind/lib/dns/rdata/in_1/srv_33.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: srv_33.c,v 1.36 2001/07/16 03:06:49 marka Exp $ */ +/* $ISC: srv_33.c,v 1.36.2.2 2003/10/09 07:32:45 marka Exp $ */ /* Reviewed: Fri Mar 17 13:01:00 PST 2000 by bwelling */ @@ -44,7 +44,7 @@ fromtext_in_srv(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); @@ -53,7 +53,7 @@ fromtext_in_srv(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); @@ -62,7 +62,7 @@ fromtext_in_srv(ARGS_FROMTEXT) { */ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, ISC_FALSE)); - if (token.value.as_ulong > 0xffff) + if (token.value.as_ulong > 0xffffU) RETTOK(ISC_R_RANGE); RETERR(uint16_tobuffer(token.value.as_ulong, target)); diff --git a/usr.sbin/bind/lib/dns/rdatalist.c b/usr.sbin/bind/lib/dns/rdatalist.c index 20aa3d1143d..c939281f5f9 100644 --- a/usr.sbin/bind/lib/dns/rdatalist.c +++ b/usr.sbin/bind/lib/dns/rdatalist.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: rdatalist.c,v 1.25 2001/01/09 21:51:21 bwelling Exp $ */ +/* $ISC: rdatalist.c,v 1.25.2.2 2003/07/22 04:03:43 marka Exp $ */ #include <config.h> @@ -74,7 +74,7 @@ dns_rdatalist_tordataset(dns_rdatalist_t *rdatalist, rdataset->private1 = rdatalist; rdataset->private2 = NULL; rdataset->private3 = NULL; - rdataset->private4 = NULL; + rdataset->privateuint4 = 0; rdataset->private5 = NULL; return (ISC_R_SUCCESS); diff --git a/usr.sbin/bind/lib/dns/rdataset.c b/usr.sbin/bind/lib/dns/rdataset.c index 16c21f80a61..7a950ae1b10 100644 --- a/usr.sbin/bind/lib/dns/rdataset.c +++ b/usr.sbin/bind/lib/dns/rdataset.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: rdataset.c,v 1.58 2001/06/05 09:23:14 marka Exp $ */ +/* $ISC: rdataset.c,v 1.58.2.3 2003/08/05 00:42:55 marka Exp $ */ #include <config.h> @@ -52,7 +52,7 @@ dns_rdataset_init(dns_rdataset_t *rdataset) { rdataset->private1 = NULL; rdataset->private2 = NULL; rdataset->private3 = NULL; - rdataset->private4 = NULL; + rdataset->privateuint4 = 0; rdataset->private5 = NULL; } @@ -77,7 +77,7 @@ dns_rdataset_invalidate(dns_rdataset_t *rdataset) { rdataset->private1 = NULL; rdataset->private2 = NULL; rdataset->private3 = NULL; - rdataset->private4 = NULL; + rdataset->privateuint4 = 0; rdataset->private5 = NULL; } @@ -103,7 +103,7 @@ dns_rdataset_disassociate(dns_rdataset_t *rdataset) { rdataset->private1 = NULL; rdataset->private2 = NULL; rdataset->private3 = NULL; - rdataset->private4 = NULL; + rdataset->privateuint4 = 0; rdataset->private5 = NULL; } diff --git a/usr.sbin/bind/lib/dns/rdataslab.c b/usr.sbin/bind/lib/dns/rdataslab.c index 35fd7bab03d..d2673378f75 100644 --- a/usr.sbin/bind/lib/dns/rdataslab.c +++ b/usr.sbin/bind/lib/dns/rdataslab.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: rdataslab.c,v 1.29 2001/01/09 21:51:25 bwelling Exp $ */ +/* $ISC: rdataslab.c,v 1.29.2.2 2003/07/22 04:03:43 marka Exp $ */ #include <config.h> @@ -563,3 +563,35 @@ dns_rdataslab_equal(unsigned char *slab1, unsigned char *slab2, } return (ISC_TRUE); } + +isc_boolean_t +dns_rdataslab_equalx(unsigned char *slab1, unsigned char *slab2, + unsigned int reservelen, dns_rdataclass_t rdclass, + dns_rdatatype_t type) +{ + unsigned char *current1, *current2; + unsigned int count1, count2; + dns_rdata_t rdata1 = DNS_RDATA_INIT; + dns_rdata_t rdata2 = DNS_RDATA_INIT; + + current1 = slab1 + reservelen; + count1 = *current1++ * 256; + count1 += *current1++; + + current2 = slab2 + reservelen; + count2 = *current2++ * 256; + count2 += *current2++; + + if (count1 != count2) + return (ISC_FALSE); + + while (count1-- > 0) { + rdata_from_slab(¤t1, rdclass, type, &rdata1); + rdata_from_slab(¤t2, rdclass, type, &rdata2); + if (dns_rdata_compare(&rdata1, &rdata2) != 0) + return (ISC_FALSE); + dns_rdata_reset(&rdata1); + dns_rdata_reset(&rdata2); + } + return (ISC_TRUE); +} diff --git a/usr.sbin/bind/lib/dns/resolver.c b/usr.sbin/bind/lib/dns/resolver.c index 76f6f85c748..052c81aff59 100644 --- a/usr.sbin/bind/lib/dns/resolver.c +++ b/usr.sbin/bind/lib/dns/resolver.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: resolver.c,v 1.218.2.12.4.4 2003/02/18 03:32:01 marka Exp $ */ +/* $ISC: resolver.c,v 1.218.2.24 2003/09/22 00:32:39 marka Exp $ */ #include <config.h> @@ -278,6 +278,8 @@ struct dns_resolver { #define ISFORWARDER(a) (((a)->flags & \ FCTX_ADDRINFO_FORWARDER) != 0) +#define NXDOMAIN(r) (((r)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0) + static void destroy(dns_resolver_t *res); static void empty_bucket(dns_resolver_t *res); static isc_result_t resquery_send(resquery_t *query); @@ -1579,20 +1581,13 @@ fctx_getaddresses(fetchctx_t *fctx) { options = stdoptions; /* * If this name is a subdomain of the query domain, tell - * the ADB to start looking at "." if it doesn't know the - * address. This keeps us from getting stuck if the - * nameserver is beneath the zone cut and we don't know its - * address (e.g. because the A record has expired). - * By restarting from ".", we ensure that any missing glue - * will be reestablished. - * - * A further optimization would be to get the ADB to start - * looking at the most enclosing zone cut above fctx->domain. - * We don't expect this situation to happen very frequently, - * so we've chosen the simple solution. + * the ADB to start looking using zone/hint data. This keeps + * us from getting stuck if the nameserver is beneath the + * zone cut and we don't know its address (e.g. because the + * A record has expired). */ if (dns_name_issubdomain(&ns.name, &fctx->domain)) - options |= DNS_ADBFIND_STARTATROOT; + options |= DNS_ADBFIND_STARTATZONE; options |= DNS_ADBFIND_GLUEOK; options |= DNS_ADBFIND_HINTOK; @@ -2309,7 +2304,7 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, /* * Compute an expiration time for the entire fetch. */ - isc_interval_set(&interval, 90, 0); /* XXXRTH constant */ + isc_interval_set(&interval, 30, 0); /* XXXRTH constant */ iresult = isc_time_nowplusinterval(&fctx->expires, &interval); if (iresult != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, @@ -3014,7 +3009,10 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) { eresult = DNS_R_DNAME; } } - if (rdataset->trust == dns_trust_glue) { + if (rdataset->trust == dns_trust_glue && + (rdataset->type == dns_rdatatype_ns || + (rdataset->type == dns_rdatatype_sig && + rdataset->covers == dns_rdatatype_ns))) { /* * If the trust level is 'dns_trust_glue' * then we are adding data from a referral @@ -3043,8 +3041,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) { * a negative cache entry, so we * must set eresult appropriately. */ - if (ardataset->covers == - dns_rdatatype_any) + if (NXDOMAIN(ardataset)) eresult = DNS_R_NCACHENXDOMAIN; else @@ -3151,7 +3148,7 @@ ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, * The cache data is also a negative cache * entry. */ - if (ardataset->covers == dns_rdatatype_any) + if (NXDOMAIN(ardataset)) *eresultp = DNS_R_NCACHENXDOMAIN; else *eresultp = DNS_R_NCACHENXRRSET; @@ -3170,7 +3167,7 @@ ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, result = ISC_R_SUCCESS; } } else if (result == ISC_R_SUCCESS) { - if (covers == dns_rdatatype_any) + if (NXDOMAIN(ardataset)) *eresultp = DNS_R_NCACHENXDOMAIN; else *eresultp = DNS_R_NCACHENXRRSET; @@ -4589,15 +4586,19 @@ resquery_response(isc_task_t *task, isc_event_t *event) { } if (get_nameservers) { + dns_name_t *name; dns_fixedname_init(&foundname); fname = dns_fixedname_name(&foundname); if (result != ISC_R_SUCCESS) { fctx_done(fctx, DNS_R_SERVFAIL); return; } + if ((options & DNS_FETCHOPT_UNSHARED) == 0) + name = &fctx->name; + else + name = &fctx->domain; result = dns_view_findzonecut(fctx->res->view, - &fctx->domain, - fname, + name, fname, now, 0, ISC_TRUE, &fctx->nameservers, NULL); diff --git a/usr.sbin/bind/lib/dns/result.c b/usr.sbin/bind/lib/dns/result.c index b92aac2dec1..c98cee99e82 100644 --- a/usr.sbin/bind/lib/dns/result.c +++ b/usr.sbin/bind/lib/dns/result.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1998-2002 Internet Software Consortium. + * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: result.c,v 1.90.2.5 2002/03/26 00:55:00 marka Exp $ */ +/* $ISC: result.c,v 1.90.2.9 2003/07/22 04:03:44 marka Exp $ */ #include <config.h> @@ -125,7 +125,20 @@ static const char *text[DNS_R_NRESULTS] = { "obsolete", /* 80 DNS_R_OBSOLETE */ "already frozen", /* 81 DNS_R_FROZEN */ "unknown flag", /* 82 DNS_R_UNKNOWNFLAG */ - "expected a response" /* 83 DNS_R_EXPECTEDRESPONSE */ + "expected a response", /* 83 DNS_R_EXPECTEDRESPONSE */ + "<unused 84>", + + "<unused 85>", + "<unused 86>", + "<unused 87>", + "<unused 88>", + "<unused 89>", + + "<unused 90>", + "<unused 91>", + "empty name", /* 92 DNS_R_EMPTYNAME */ + "empty wild", /* 93 DNS_R_EMPTYWILD */ + "bad bitmap" /* 94 DNS_R_BADBITMAP */ }; static const char *rcode_text[DNS_R_NRCODERESULTS] = { diff --git a/usr.sbin/bind/lib/dns/rootns.c b/usr.sbin/bind/lib/dns/rootns.c index 18be4a6ee67..f6a7e7294fb 100644 --- a/usr.sbin/bind/lib/dns/rootns.c +++ b/usr.sbin/bind/lib/dns/rootns.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: rootns.c,v 1.20.2.1 2001/10/03 22:30:17 gson Exp $ */ +/* $ISC: rootns.c,v 1.20.2.3 2003/07/22 04:03:44 marka Exp $ */ #include <config.h> @@ -65,7 +65,7 @@ static char root_ns[] = "G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4\n" "H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53\n" "I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17\n" -"J.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.10\n" +"J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30\n" "K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129\n" "L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12\n" "M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33\n"; diff --git a/usr.sbin/bind/lib/dns/sdb.c b/usr.sbin/bind/lib/dns/sdb.c index e6a0ba7ee8e..5425668d9b1 100644 --- a/usr.sbin/bind/lib/dns/sdb.c +++ b/usr.sbin/bind/lib/dns/sdb.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2000, 2001 Internet Software Consortium. + * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: sdb.c,v 1.35 2001/06/28 21:34:54 gson Exp $ */ +/* $ISC: sdb.c,v 1.35.2.2 2003/10/09 07:32:38 marka Exp $ */ #include <config.h> @@ -763,8 +763,10 @@ find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, dns_fixedname_init(&fname); xname = dns_fixedname_name(&fname); - if (rdataset == NULL) + if (rdataset == NULL) { + dns_rdataset_init(&xrdataset); rdataset = &xrdataset; + } result = DNS_R_NXDOMAIN; diff --git a/usr.sbin/bind/lib/dns/sec/dst/dst_api.c b/usr.sbin/bind/lib/dns/sec/dst/dst_api.c index 637414c3e07..ceaf9f624a8 100644 --- a/usr.sbin/bind/lib/dns/sec/dst/dst_api.c +++ b/usr.sbin/bind/lib/dns/sec/dst/dst_api.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 1999-2001 Internet Software Consortium. + * Portions Copyright (C) 1999-2001, 2003 Internet Software Consortium. * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * * Permission to use, copy, modify, and distribute this software for any @@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $ISC: dst_api.c,v 1.88.2.2 2001/12/19 01:09:56 marka Exp $ + * $ISC: dst_api.c,v 1.88.2.4 2003/10/09 07:32:46 marka Exp $ */ #include <config.h> @@ -987,7 +987,7 @@ buildfilename(dns_name_t *name, dns_keytag_t id, if (isc_buffer_availablelength(out) < strlen(directory)) return (ISC_R_NOSPACE); isc_buffer_putstr(out, directory); - if (strlen(directory) > 0 && + if (strlen(directory) > 0U && directory[strlen(directory) - 1] != '/') isc_buffer_putstr(out, "/"); } @@ -1108,7 +1108,7 @@ dst__mem_realloc(void *ptr, size_t size) { INSIST(dst_memory_pool != NULL); p = NULL; - if (size > 0) { + if (size > 0U) { p = dst__mem_alloc(size); if (p != NULL && ptr != NULL) memcpy(p, ptr, size); diff --git a/usr.sbin/bind/lib/dns/sec/dst/openssl_link.c b/usr.sbin/bind/lib/dns/sec/dst/openssl_link.c index 5b3f35da53a..bfc19886d9f 100644 --- a/usr.sbin/bind/lib/dns/sec/dst/openssl_link.c +++ b/usr.sbin/bind/lib/dns/sec/dst/openssl_link.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 1999-2001 Internet Software Consortium. + * Portions Copyright (C) 1999-2001, 2003 Internet Software Consortium. * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * * Permission to use, copy, modify, and distribute this software for any @@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $ISC: openssl_link.c,v 1.46.8.1 2003/02/18 06:24:45 marka Exp $ + * $ISC: openssl_link.c,v 1.46.2.2 2003/07/22 04:03:47 marka Exp $ */ #ifdef OPENSSL diff --git a/usr.sbin/bind/lib/dns/sec/dst/opensslrsa_link.c b/usr.sbin/bind/lib/dns/sec/dst/opensslrsa_link.c index ad2f8f9652b..6153e02463c 100644 --- a/usr.sbin/bind/lib/dns/sec/dst/opensslrsa_link.c +++ b/usr.sbin/bind/lib/dns/sec/dst/opensslrsa_link.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2000, 2001 Internet Software Consortium. + * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,7 @@ /* * Principal Author: Brian Wellington - * $ISC: opensslrsa_link.c,v 1.12.2.3 2001/12/19 01:29:31 marka Exp $ + * $ISC: opensslrsa_link.c,v 1.12.2.5 2003/10/09 07:32:46 marka Exp $ */ #ifdef OPENSSL @@ -217,6 +217,7 @@ opensslrsa_generate(dst_key_t *key, int exp) { } rsa->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE); + rsa->flags |= RSA_FLAG_BLINDING; key->opaque = rsa; @@ -296,6 +297,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) { if (rsa == NULL) return (ISC_R_NOMEMORY); rsa->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE); + rsa->flags |= RSA_FLAG_BLINDING; if (r.length < 1) { RSA_free(rsa); @@ -434,6 +436,7 @@ opensslrsa_fromfile(dst_key_t *key, const char *filename) { if (rsa == NULL) DST_RET(ISC_R_NOMEMORY); rsa->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE); + rsa->flags |= RSA_FLAG_BLINDING; key->opaque = rsa; for (i = 0; i < priv.nelements; i++) { diff --git a/usr.sbin/bind/lib/dns/time.c b/usr.sbin/bind/lib/dns/time.c index 4081e8e8a49..fcafbafed87 100644 --- a/usr.sbin/bind/lib/dns/time.c +++ b/usr.sbin/bind/lib/dns/time.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1998-2001 Internet Software Consortium. + * Copyright (C) 1998-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: time.c,v 1.18 2001/05/15 22:05:35 gson Exp $ */ +/* $ISC: time.c,v 1.18.2.4 2003/07/23 06:57:48 marka Exp $ */ #include <config.h> @@ -127,7 +127,7 @@ dns_time64_fromtext(char *source, isc_int64_t *target) { return (ISC_R_RANGE); \ } while (0) - if (strlen(source) != 14) + if (strlen(source) != 14U) return (DNS_R_SYNTAX); if (sscanf(source, "%4d%2d%2d%2d%2d%2d", &year, &month, &day, &hour, &minute, &second) != 6) @@ -161,15 +161,11 @@ dns_time64_fromtext(char *source, isc_int64_t *target) { isc_result_t dns_time32_fromtext(char *source, isc_uint32_t *target) { isc_int64_t value64; - isc_int32_t value32; isc_result_t result; result = dns_time64_fromtext(source, &value64); if (result != ISC_R_SUCCESS) return (result); - value32 = (isc_uint32_t)value64; - if (value32 != value64) - return (ISC_R_RANGE); - *target = value32; + *target = (isc_uint32_t)value64; return (ISC_R_SUCCESS); } diff --git a/usr.sbin/bind/lib/dns/view.c b/usr.sbin/bind/lib/dns/view.c index d07d78d6527..fe7df497c2d 100644 --- a/usr.sbin/bind/lib/dns/view.c +++ b/usr.sbin/bind/lib/dns/view.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,10 +15,11 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: view.c,v 1.103.2.2 2002/08/05 06:57:12 marka Exp $ */ +/* $ISC: view.c,v 1.103.2.9 2003/09/19 13:24:03 marka Exp $ */ #include <config.h> +#include <isc/hash.h> #include <isc/task.h> #include <isc/string.h> /* Required for HP/UX (and others?) */ #include <isc/util.h> @@ -162,6 +163,9 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, view->maxncachettl = 3 * 3600; view->dstport = 53; view->flush = ISC_FALSE; + view->delonly = NULL; + view->rootdelonly = ISC_FALSE; + view->rootexclude = NULL; result = dns_peerlist_new(view->mctx, &view->peers); if (result != ISC_R_SUCCESS) @@ -275,6 +279,24 @@ destroy(dns_view_t *view) { DNS_VIEW_DELONLYHASH); view->delonly = NULL; } + if (view->rootexclude != NULL) { + dns_name_t *name; + int i; + + for (i = 0; i < DNS_VIEW_DELONLYHASH; i++) { + name = ISC_LIST_HEAD(view->rootexclude[i]); + while (name != NULL) { + ISC_LIST_UNLINK(view->rootexclude[i], + name, link); + dns_name_free(name, view->mctx); + isc_mem_put(view->mctx, name, sizeof(*name)); + name = ISC_LIST_HEAD(view->rootexclude[i]); + } + } + isc_mem_put(view->mctx, view->rootexclude, + sizeof(dns_namelist_t) * DNS_VIEW_DELONLYHASH); + view->rootexclude = NULL; + } dns_keytable_detach(&view->trustedkeys); dns_keytable_detach(&view->secroots); dns_fwdtable_destroy(&view->fwdtable); @@ -871,9 +893,20 @@ dns_view_simplefind(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, isc_result_t dns_view_findzonecut(dns_view_t *view, dns_name_t *name, dns_name_t *fname, isc_stdtime_t now, unsigned int options, - isc_boolean_t use_hints, + isc_boolean_t use_hints, dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) { + return(dns_view_findzonecut2(view, name, fname, now, options, + use_hints, ISC_TRUE, + rdataset, sigrdataset)); +} + +isc_result_t +dns_view_findzonecut2(dns_view_t *view, dns_name_t *name, dns_name_t *fname, + isc_stdtime_t now, unsigned int options, + isc_boolean_t use_hints, isc_boolean_t use_cache, + dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) +{ isc_result_t result; dns_db_t *db; isc_boolean_t is_cache, use_zone, try_hints; @@ -910,7 +943,7 @@ dns_view_findzonecut(dns_view_t *view, dns_name_t *name, dns_name_t *fname, * is it a subdomain of any zone for which we're * authoritative. */ - if (view->cachedb != NULL) { + if (use_cache && view->cachedb != NULL) { /* * We have a cache; try it. */ @@ -941,7 +974,7 @@ dns_view_findzonecut(dns_view_t *view, dns_name_t *name, dns_name_t *fname, result = ISC_R_SUCCESS; else if (result != ISC_R_SUCCESS) goto cleanup; - if (view->cachedb != NULL && db != view->hints) { + if (use_cache && view->cachedb != NULL && db != view->hints) { /* * We found an answer, but the cache may be better. */ @@ -1191,6 +1224,41 @@ dns_view_adddelegationonly(dns_view_t *view, dns_name_t *name) { return (result); } +isc_result_t +dns_view_excludedelegationonly(dns_view_t *view, dns_name_t *name) { + isc_result_t result; + dns_name_t *new; + isc_uint32_t hash; + + REQUIRE(DNS_VIEW_VALID(view)); + + if (view->rootexclude == NULL) { + view->rootexclude = isc_mem_get(view->mctx, + sizeof(dns_namelist_t) * + DNS_VIEW_DELONLYHASH); + if (view->rootexclude == NULL) + return (ISC_R_NOMEMORY); + for (hash = 0; hash < DNS_VIEW_DELONLYHASH; hash++) + ISC_LIST_INIT(view->rootexclude[hash]); + } + hash = dns_name_hash(name, ISC_FALSE) % DNS_VIEW_DELONLYHASH; + new = ISC_LIST_HEAD(view->rootexclude[hash]); + while (new != NULL && !dns_name_equal(new, name)) + new = ISC_LIST_NEXT(new, link); + if (new != NULL) + return (ISC_R_SUCCESS); + new = isc_mem_get(view->mctx, sizeof(*new)); + if (new == NULL) + return (ISC_R_NOMEMORY); + dns_name_init(new, NULL); + result = dns_name_dup(name, view->mctx, new); + if (result == ISC_R_SUCCESS) + ISC_LIST_APPEND(view->rootexclude[hash], new, link); + else + isc_mem_put(view->mctx, new, sizeof(*new)); + return (result); +} + isc_boolean_t dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name) { dns_name_t *new; @@ -1198,10 +1266,23 @@ dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name) { REQUIRE(DNS_VIEW_VALID(view)); - if (view->delonly == NULL) + if (!view->rootdelonly && view->delonly == NULL) return (ISC_FALSE); hash = dns_name_hash(name, ISC_FALSE) % DNS_VIEW_DELONLYHASH; + if (view->rootdelonly && dns_name_countlabels(name) <= 2) { + if (view->rootexclude == NULL) + return (ISC_TRUE); + new = ISC_LIST_HEAD(view->rootexclude[hash]); + while (new != NULL && !dns_name_equal(new, name)) + new = ISC_LIST_NEXT(new, link); + if (new == NULL) + return (ISC_TRUE); + } + + if (view->delonly == NULL) + return (ISC_FALSE); + new = ISC_LIST_HEAD(view->delonly[hash]); while (new != NULL && !dns_name_equal(new, name)) new = ISC_LIST_NEXT(new, link); @@ -1209,3 +1290,15 @@ dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name) { return (ISC_FALSE); return (ISC_TRUE); } + +void +dns_view_setrootdelonly(dns_view_t *view, isc_boolean_t value) { + REQUIRE(DNS_VIEW_VALID(view)); + view->rootdelonly = value; +} + +isc_boolean_t +dns_view_getrootdelonly(dns_view_t *view) { + REQUIRE(DNS_VIEW_VALID(view)); + return (view->rootdelonly); +} diff --git a/usr.sbin/bind/lib/dns/xfrin.c b/usr.sbin/bind/lib/dns/xfrin.c index 2ee488810fc..1b76a18b06b 100644 --- a/usr.sbin/bind/lib/dns/xfrin.c +++ b/usr.sbin/bind/lib/dns/xfrin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: xfrin.c,v 1.124.2.2 2001/09/12 20:44:04 gson Exp $ */ +/* $ISC: xfrin.c,v 1.124.2.4 2003/07/22 04:03:45 marka Exp $ */ #include <config.h> @@ -1166,11 +1166,6 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { name = NULL; dns_message_currentname(msg, DNS_SECTION_ANSWER, &name); - if (!dns_name_issubdomain(name, &xfr->name)) { - xfrin_log(xfr, ISC_LOG_WARNING, - "ignoring out-of-zone data"); - continue; - } for (rds = ISC_LIST_HEAD(name->list); rds != NULL; rds = ISC_LIST_NEXT(rds, link)) diff --git a/usr.sbin/bind/lib/dns/zone.c b/usr.sbin/bind/lib/dns/zone.c index ee3793dbe8e..8a3d4f992eb 100644 --- a/usr.sbin/bind/lib/dns/zone.c +++ b/usr.sbin/bind/lib/dns/zone.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $ISC: zone.c,v 1.333.2.13.4.2 2003/02/17 07:05:08 marka Exp $ */ +/* $ISC: zone.c,v 1.333.2.23 2003/07/28 07:03:15 marka Exp $ */ #include <config.h> @@ -409,7 +409,7 @@ static isc_result_t zone_dump(dns_zone_t *); static void got_transfer_quota(isc_task_t *task, isc_event_t *event); static isc_result_t zmgr_start_xfrin_ifquota(dns_zonemgr_t *zmgr, dns_zone_t *zone); -static void zmgr_resume_xfrs(dns_zonemgr_t *zmgr); +static void zmgr_resume_xfrs(dns_zonemgr_t *zmgr, isc_boolean_t multi); static void zonemgr_free(dns_zonemgr_t *zmgr); static isc_result_t zonemgr_getio(dns_zonemgr_t *zmgr, isc_boolean_t high, isc_task_t *task, isc_taskaction_t action, @@ -950,6 +950,24 @@ zone_load(dns_zone_t *zone, unsigned int flags) { goto cleanup; } } + } + + INSIST(zone->db_argc >= 1); + + if ((zone->type == dns_zone_slave || zone->type == dns_zone_stub) && + (strcmp(zone->db_argv[0], "rbt") == 0 || + strcmp(zone->db_argv[0], "rbt64") == 0)) { + if (zone->masterfile == NULL || + !isc_file_exists(zone->masterfile)) { + if (zone->masterfile != NULL) + dns_zone_log(zone, ISC_LOG_DEBUG(1), + "no master file"); + zone->refreshtime = now; + if (zone->task != NULL) + zone_settimer(zone, &now); + result = ISC_R_SUCCESS; + goto cleanup; + } } dns_zone_log(zone, ISC_LOG_DEBUG(1), "starting load"); @@ -964,7 +982,6 @@ zone_load(dns_zone_t *zone, unsigned int flags) { if (result != ISC_R_SUCCESS) goto cleanup; - INSIST(zone->db_argc >= 1); result = dns_db_create(zone->mctx, zone->db_argv[0], &zone->origin, (zone->type == dns_zone_stub) ? dns_dbtype_stub : dns_dbtype_zone, @@ -1024,6 +1041,7 @@ static void zone_gotreadhandle(isc_task_t *task, isc_event_t *event) { dns_load_t *load = event->ev_arg; isc_result_t result = ISC_R_SUCCESS; + unsigned int options; REQUIRE(DNS_LOAD_VALID(load)); @@ -1033,11 +1051,14 @@ zone_gotreadhandle(isc_task_t *task, isc_event_t *event) { if (result == ISC_R_CANCELED) goto fail; + options = DNS_MASTER_ZONE; + if (load->zone->type == dns_zone_slave) + options |= DNS_MASTER_SLAVE; result = dns_master_loadfileinc(load->zone->masterfile, dns_db_origin(load->db), dns_db_origin(load->db), load->zone->rdclass, - DNS_MASTER_ZONE, + options, &load->callbacks, task, zone_loaddone, load, &load->zone->lctx, load->zone->mctx); @@ -1055,7 +1076,13 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) { dns_load_t *load; isc_result_t result; isc_result_t tresult; + unsigned int options; + options = DNS_MASTER_ZONE; + if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_MANYERRORS)) + options |= DNS_MASTER_MANYERRORS; + if (zone->type == dns_zone_slave) + options |= DNS_MASTER_SLAVE; if (zone->zmgr != NULL && zone->db != NULL && zone->task != NULL) { load = isc_mem_get(zone->mctx, sizeof(*load)); if (load == NULL) @@ -1088,14 +1115,12 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) { result = DNS_R_CONTINUE; } else if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_MANYERRORS)) { dns_rdatacallbacks_t callbacks; - unsigned int options; dns_rdatacallbacks_init(&callbacks); result = dns_db_beginload(db, &callbacks.add, &callbacks.add_private); if (result != ISC_R_SUCCESS) return (result); - options = DNS_MASTER_MANYERRORS|DNS_MASTER_ZONE; result = dns_master_loadfile(zone->masterfile, &zone->origin, &zone->origin, zone->rdclass, options, &callbacks, zone->mctx); @@ -1318,6 +1343,8 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime, /* Mark the zone for immediate refresh. */ zone->refreshtime = now; + if (zone->task != NULL) + zone_settimer(zone, &now); result = ISC_R_SUCCESS; } return (result); @@ -3477,7 +3504,24 @@ soa_query(isc_task_t *task, isc_event_t *event) { zone->masteraddr = zone->masters[zone->curmaster]; isc_netaddr_fromsockaddr(&masterip, &zone->masteraddr); - (void)dns_view_getpeertsig(zone->view, &masterip, &key); + /* + * First, look for a tsig key in the master statement, then + * try for a server key. + */ + if ((zone->masterkeynames != NULL) && + (zone->masterkeynames[zone->curmaster] != NULL)) { + dns_view_t *view = dns_zone_getview(zone); + dns_name_t *keyname = zone->masterkeynames[zone->curmaster]; + result = dns_view_gettsig(view, keyname, &key); + if (result != ISC_R_SUCCESS) { + char namebuf[DNS_NAME_FORMATSIZE]; + dns_name_format(keyname, namebuf, sizeof(namebuf)); + dns_zone_log(zone, ISC_LOG_ERROR, + "unable to find key: %s", namebuf); + } + } + if (key == NULL) + (void)dns_view_getpeertsig(zone->view, &masterip, &key); options = DNS_ZONE_FLAG(zone, DNS_ZONEFLG_USEVC) ? DNS_REQUESTOPT_TCP : 0; @@ -3618,7 +3662,24 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) { zone->masteraddr = zone->masters[zone->curmaster]; isc_netaddr_fromsockaddr(&masterip, &zone->masteraddr); - (void)dns_view_getpeertsig(zone->view, &masterip, &key); + /* + * First, look for a tsig key in the master statement, then + * try for a server key. + */ + if ((zone->masterkeynames != NULL) && + (zone->masterkeynames[zone->curmaster] != NULL)) { + dns_view_t *view = dns_zone_getview(zone); + dns_name_t *keyname = zone->masterkeynames[zone->curmaster]; + result = dns_view_gettsig(view, keyname, &key); + if (result != ISC_R_SUCCESS) { + char namebuf[DNS_NAME_FORMATSIZE]; + dns_name_format(keyname, namebuf, sizeof(namebuf)); + dns_zone_log(zone, ISC_LOG_ERROR, + "unable to find key: %s", namebuf); + } + } + if (key == NULL) + (void)dns_view_getpeertsig(zone->view, &masterip, &key); /* * Always use TCP so that we shouldn't truncate in additional section. @@ -3667,6 +3728,8 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) { if (message != NULL) dns_message_destroy(&message); unlock: + if (key != NULL) + dns_tsigkey_detach(&key); UNLOCK_ZONE(zone); return; } @@ -3678,7 +3741,7 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) { static void zone_shutdown(isc_task_t *task, isc_event_t *event) { dns_zone_t *zone = (dns_zone_t *) event->ev_arg; - isc_boolean_t free_needed; + isc_boolean_t free_needed, linked = ISC_FALSE; UNUSED(task); REQUIRE(DNS_ZONE_VALID(zone)); @@ -3704,6 +3767,7 @@ zone_shutdown(isc_task_t *task, isc_event_t *event) { if (zone->statelist == &zone->zmgr->waiting_for_xfrin) { ISC_LIST_UNLINK(zone->zmgr->waiting_for_xfrin, zone, statelink); + linked = ISC_TRUE; zone->statelist = NULL; } RWUNLOCK(&zone->zmgr->rwlock, isc_rwlocktype_write); @@ -3716,6 +3780,10 @@ zone_shutdown(isc_task_t *task, isc_event_t *event) { dns_xfrin_shutdown(zone->xfr); LOCK_ZONE(zone); + if (linked) { + INSIST(zone->irefs > 0); + zone->irefs--; + } if (zone->request != NULL) { dns_request_cancel(zone->request); } @@ -4339,7 +4407,7 @@ zone_tostr(dns_zone_t *zone, char *buf, size_t length) { isc_buffer_t buffer; REQUIRE(buf != NULL); - REQUIRE(length > 1); + REQUIRE(length > 1U); /* * Leave space for terminating '\0'. @@ -4689,6 +4757,7 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) { unsigned int nscount; isc_uint32_t serial, refresh, retry, expire, minimum; isc_result_t xfrresult = result; + isc_boolean_t free_needed; REQUIRE(DNS_ZONE_VALID(zone)); @@ -4820,8 +4889,7 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) { RWLOCK(&zone->zmgr->rwlock, isc_rwlocktype_write); ISC_LIST_UNLINK(zone->zmgr->xfrin_in_progress, zone, statelink); zone->statelist = NULL; - if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) - zmgr_resume_xfrs(zone->zmgr); + zmgr_resume_xfrs(zone->zmgr, ISC_FALSE); RWUNLOCK(&zone->zmgr->rwlock, isc_rwlocktype_write); /* @@ -4829,7 +4897,13 @@ zone_xfrdone(dns_zone_t *zone, isc_result_t result) { */ if (again && !DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) queue_soa_query(zone); + + INSIST(zone->irefs > 0); + zone->irefs--; + free_needed = exit_check(zone); UNLOCK_ZONE(zone); + if (free_needed) + zone_free(zone); } static void @@ -4913,6 +4987,9 @@ queue_xfrin(dns_zone_t *zone) { RWLOCK(&zmgr->rwlock, isc_rwlocktype_write); ISC_LIST_APPEND(zmgr->waiting_for_xfrin, zone, statelink); + LOCK_ZONE(zone); + zone->irefs++; + UNLOCK_ZONE(zone); zone->statelist = &zmgr->waiting_for_xfrin; result = zmgr_start_xfrin_ifquota(zmgr, zone); RWUNLOCK(&zmgr->rwlock, isc_rwlocktype_write); @@ -5043,9 +5120,6 @@ got_transfer_quota(isc_task_t *task, isc_event_t *event) { dns_tsigkey_detach(&tsigkey); isc_event_free(&event); - - dns_zone_detach(&zone); /* XXXAG */ - return; } /* @@ -5494,6 +5568,7 @@ dns_zonemgr_forcemaint(dns_zonemgr_t *zmgr) { { dns_zone_maintenance(p); } + RWUNLOCK(&zmgr->rwlock, isc_rwlocktype_read); /* * Recent configuration changes may have increased the @@ -5501,9 +5576,9 @@ dns_zonemgr_forcemaint(dns_zonemgr_t *zmgr) { * transfers currently blocked on quota get started if * possible. */ - zmgr_resume_xfrs(zmgr); - - RWUNLOCK(&zmgr->rwlock, isc_rwlocktype_read); + RWLOCK(&zmgr->rwlock, isc_rwlocktype_write); + zmgr_resume_xfrs(zmgr, ISC_TRUE); + RWUNLOCK(&zmgr->rwlock, isc_rwlocktype_write); return (ISC_R_SUCCESS); } @@ -5573,16 +5648,20 @@ dns_zonemgr_getttransfersperns(dns_zonemgr_t *zmgr) { * The zone manager is locked by the caller. */ static void -zmgr_resume_xfrs(dns_zonemgr_t *zmgr) { +zmgr_resume_xfrs(dns_zonemgr_t *zmgr, isc_boolean_t multi) { dns_zone_t *zone; + dns_zone_t *next; for (zone = ISC_LIST_HEAD(zmgr->waiting_for_xfrin); zone != NULL; - zone = ISC_LIST_NEXT(zone, statelink)) + zone = next) { isc_result_t result; + next = ISC_LIST_NEXT(zone, statelink); result = zmgr_start_xfrin_ifquota(zmgr, zone); if (result == ISC_R_SUCCESS) { + if (multi) + continue; /* * We successfully filled the slot. We're done. */ @@ -5590,7 +5669,7 @@ zmgr_resume_xfrs(dns_zonemgr_t *zmgr) { } else if (result == ISC_R_QUOTA) { /* * Not enough quota. This is probably the per-server - * quota, because we only get called when a unit of + * quota, because we usually get called when a unit of * global quota has just been freed. Try the next * zone, it may succeed if it uses another master. */ @@ -5686,14 +5765,6 @@ zmgr_start_xfrin_ifquota(dns_zonemgr_t *zmgr, dns_zone_t *zone) { ISC_LIST_UNLINK(zmgr->waiting_for_xfrin, zone, statelink); ISC_LIST_APPEND(zmgr->xfrin_in_progress, zone, statelink); zone->statelist = &zmgr->xfrin_in_progress; - /* - * Make sure the zone does not go away before it has processed - * the event; in effect, the event is attached to the zone. - * - * XXXAG This should be done as soon as the zone goes on the - * queue, using irefs. - */ - isc_refcount_increment(&zone->erefs, NULL); isc_task_send(zone->task, &e); UNLOCK_ZONE(zone); @@ -5895,7 +5966,7 @@ dns_zonemgr_setserialqueryrate(dns_zonemgr_t *zmgr, unsigned int value) { s = 1; ns = 0; pertic = 1; - } else if (value < 10) { + } else if (value <= 10) { s = 0; ns = 1000000000 / value; pertic = 1; |