author | Jakob Schlyter <jakob@cvs.openbsd.org> | 2010-08-22 09:21:52 +0000 |
---|---|---|
committer | Jakob Schlyter <jakob@cvs.openbsd.org> | 2010-08-22 09:21:52 +0000 |
commit | a4e9b19a51ee0716da73896659ec593d0ecfd2d2 (patch) | |
tree | 4b8611596f107f2b46e4181af8a36472afb94a3b /usr.sbin | |
parent | 5044f1e98f79891c7f32b935aa073a751116b7fc (diff) |
NSD v3.2.6
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/nsd/acx_nlnetlabs.m4 | 53 | ||||
-rw-r--r-- | usr.sbin/nsd/buffer.c | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/compat/.c-mode-rc.el | 5 | ||||
-rw-r--r-- | usr.sbin/nsd/dbaccess.c | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/difffile.c | 4 | ||||
-rw-r--r-- | usr.sbin/nsd/makedist.sh | 211 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd.conf.sample.in | 21 | ||||
-rw-r--r-- | usr.sbin/nsd/nsd.h | 3 | ||||
-rw-r--r-- | usr.sbin/nsd/options.c | 12 | ||||
-rw-r--r-- | usr.sbin/nsd/options.h | 5 | ||||
-rw-r--r-- | usr.sbin/nsd/query.h | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/tsig-openssl.c | 4 | ||||
-rw-r--r-- | usr.sbin/nsd/tsig-openssl.h | 4 | ||||
-rw-r--r-- | usr.sbin/nsd/tsig.c | 4 | ||||
-rw-r--r-- | usr.sbin/nsd/xfrd-notify.c | 16 | ||||
-rw-r--r-- | usr.sbin/nsd/xfrd-notify.h | 2 | ||||
-rw-r--r-- | usr.sbin/nsd/xfrd.c | 18 | ||||
-rw-r--r-- | usr.sbin/nsd/xfrd.h | 4 |
18 files changed, 294 insertions, 78 deletions
diff --git a/usr.sbin/nsd/acx_nlnetlabs.m4 b/usr.sbin/nsd/acx_nlnetlabs.m4 index bb7ac286722..50a4c69a3d8 100644 --- a/usr.sbin/nsd/acx_nlnetlabs.m4 +++ b/usr.sbin/nsd/acx_nlnetlabs.m4 @@ -2,7 +2,9 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 8 +# Version 10 +# 2010-07-02 Add check for ss_family (for minix). +# 2010-04-26 Fix to use CPPFLAGS for CHECK_COMPILER_FLAGS. # 2010-03-01 Fix RPATH using CONFIG_COMMANDS to run at the very end. # 2010-02-18 WITH_SSL outputs the LIBSSL_LDFLAGS, LIBS, CPPFLAGS seperate, -ldl # 2010-02-01 added ACX_CHECK_MEMCMP_SIGNED, AHX_MEMCMP_BROKEN @@ -73,6 +75,7 @@ # AHX_CONFIG_EXT_FLAGS - define the stripped extension flags # ACX_CHECK_MEMCMP_SIGNED - check if memcmp uses signed characters. # AHX_MEMCMP_BROKEN - replace memcmp func for CHECK_MEMCMP_SIGNED. +# ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family # dnl Escape backslashes as \\, for C:\ paths, for the C preprocessor defines. @@ -102,7 +105,7 @@ cache=`echo $1 | sed 'y%.=/+-%___p_%'` AC_CACHE_VAL(cv_prog_cc_flag_$cache, [ echo 'void f(){}' >conftest.c -if test -z "`$CC -$1 -c conftest.c 2>&1`"; then +if test -z "`$CC $CPPFLAGS $CFLAGS -$1 -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_$cache=yes" else eval "cv_prog_cc_flag_$cache=no" 
@@ -146,18 +149,18 @@ AC_CACHE_VAL(cv_prog_cc_flag_needed_$cache, [ echo '$2' > conftest.c echo 'void f(){}' >>conftest.c -if test -z "`$CC $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then +if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=no" else [ -if test -z "`$CC $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1`"; then +if test -z "`$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_needed_$cache=yes" else eval "cv_prog_cc_flag_needed_$cache=fail" #echo 'Test with flag fails too!' #cat conftest.c -#echo "$CC $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1` +#echo "$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1" +#echo `$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1` #exit 1 fi ] @@ -173,8 +176,8 @@ if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then AC_MSG_RESULT(no) #echo 'Test with flag is no!' #cat conftest.c -#echo "$CC $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1" -#echo `$CC $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1` +#echo "$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1" +#echo `$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1` #exit 1 : $4 
@@ -1269,4 +1272,38 @@ int memcmp(const void *x, const void *y, size_t n); #endif ]) +dnl ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family +AC_DEFUN([ACX_CHECK_SS_FAMILY], +[AC_CHECK_MEMBER([struct sockaddr_storage.ss_family], [], [ + AC_CHECK_MEMBER([struct sockaddr_storage.__ss_family], [ + AC_DEFINE([ss_family], [__ss_family], [Fallback member name for socket family in struct sockaddr_storage]) + ],, [AC_INCLUDES_DEFAULT +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif + ]) +], [AC_INCLUDES_DEFAULT +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif +]) ]) + dnl End of file diff --git a/usr.sbin/nsd/buffer.c b/usr.sbin/nsd/buffer.c index 67b11183309..e0f9859a24e 100644 --- a/usr.sbin/nsd/buffer.c +++ b/usr.sbin/nsd/buffer.c @@ -28,7 +28,7 @@ buffer_create(region_type *region, size_t capacity) = (buffer_type *) region_alloc(region, sizeof(buffer_type)); if (!buffer) return NULL; - + buffer->_data = (uint8_t *) xalloc(capacity); buffer->_position = 0; buffer->_limit = buffer->_capacity = capacity; diff --git a/usr.sbin/nsd/compat/.c-mode-rc.el b/usr.sbin/nsd/compat/.c-mode-rc.el new file mode 100644 index 00000000000..c667228b18f --- /dev/null +++ b/usr.sbin/nsd/compat/.c-mode-rc.el @@ -0,0 +1,5 @@ +;;; Override Emacs c-mode settings to use NSD conventions. + +(c-set-style "bsd") +(set-variable 'c-basic-offset 8) +(set-variable 'indent-tabs-mode t) diff --git a/usr.sbin/nsd/dbaccess.c b/usr.sbin/nsd/dbaccess.c index fccee760988..09281aeabb4 100644 --- a/usr.sbin/nsd/dbaccess.c +++ b/usr.sbin/nsd/dbaccess.c 
@@ -217,7 +217,6 @@ read_rrset(namedb_type *db, rrset->zone->ns_rrset = rrset; } -#ifdef DNSSEC if (rrset_rrtype(rrset) == TYPE_RRSIG && owner == rrset->zone->apex) { for (i = 0; i < rrset->rr_count; ++i) { if (rr_rrsig_type_covered(&rrset->rrs[i]) == TYPE_SOA) { @@ -226,7 +225,6 @@ read_rrset(namedb_type *db, } } } -#endif return rrset; } diff --git a/usr.sbin/nsd/difffile.c b/usr.sbin/nsd/difffile.c index ccc993a5276..76203718fb5 100644 --- a/usr.sbin/nsd/difffile.c +++ b/usr.sbin/nsd/difffile.c @@ -294,7 +294,6 @@ rrset_delete(namedb_type* db, domain_type* domain, rrset_type* rrset) if(rrset->zone->ns_rrset == rrset) { rrset->zone->ns_rrset = 0; } -#ifdef DNSSEC if(domain == rrset->zone->apex && rrset_rrtype(rrset) == TYPE_RRSIG) { for (i = 0; i < rrset->rr_count; ++i) { if (rr_rrsig_type_covered(&rrset->rrs[i]) == TYPE_SOA) { @@ -303,7 +302,6 @@ rrset_delete(namedb_type* db, domain_type* domain, rrset_type* rrset) } } } -#endif /* recycle the memory space of the rrset */ for (i = 0; i < rrset->rr_count; ++i) add_rdata_to_recyclebin(db, &rrset->rrs[i]); @@ -543,7 +541,6 @@ add_RR(namedb_type* db, const dname_type* dname, if(type == TYPE_NS) { zone->ns_rrset = rrset; } -#ifdef DNSSEC if(type == TYPE_RRSIG) { int i; for (i = 0; i < rrset->rr_count; ++i) { @@ -553,7 +550,6 @@ add_RR(namedb_type* db, const dname_type* dname, } } } -#endif } return 1; } diff --git a/usr.sbin/nsd/makedist.sh b/usr.sbin/nsd/makedist.sh new file mode 100644 index 00000000000..1771f22bd05 --- /dev/null +++ b/usr.sbin/nsd/makedist.sh 
@@ -0,0 +1,211 @@ +#!/bin/sh + +# Build a NSD distribution tar from the SVN repository. + +# Abort script on unexpected errors. +set -e + +# Remember the current working directory. +cwd=`pwd` + +# Utility functions. +usage () { + cat >&2 <<EOF +Usage $0: [-h] [-s] [-d SVN_root] +Generate a distribution tar file for NSD. + + -h This usage information. + -s Build a snapshot distribution file. The current date is + automatically appended to the current NSD version number. + -rc <nr> Build a release candidate, the given string will be added + to the version number (nsd-<version>rc<number>). + -d SVN_root Retrieve the NSD source from the specified repository. +EOF + exit 1 +} + +info () { + echo "$0: info: $1" +} + +error () { + echo "$0: error: $1" >&2 + exit 1 +} + +question () { + printf "%s (y/n) " "$*" + read answer + case "$answer" in + [Yy]|[Yy][Ee][Ss]) + return 0 + ;; + *) + return 1 + ;; + esac +} + +# Only use cleanup and error_cleanup after generating the temporary +# working directory. +cleanup () { + info "Deleting temporary working directory." + cd $cwd && rm -rf $temp_dir +} + +error_cleanup () { + echo "$0: error: $1" >&2 + cleanup + exit 1 +} + +replace_text () { + (cp "$1" "$1".orig && \ + sed -e "s/$2/$3/g" < "$1".orig > "$1" && \ + rm "$1".orig) || error_cleanup "Replacement for $1 failed." +} + +replace_all () { + info "Updating '$1' with the version number." + replace_text "$1" "@version@" "$version" + info "Updating '$1' with today's date." + replace_text "$1" "@date@" "`date +'%b %e, %Y'`" +} + + +SNAPSHOT="no" +RC="no" + +# Parse the command line arguments. +while [ "$1" ]; do + case "$1" in + "-h") + usage + ;; + "-d") + SVNROOT="$2" + shift + ;; + "-rc") + RC="$2" + shift + ;; + "-s") + SNAPSHOT="yes" + ;; + *) + error "Unrecognized argument -- $1" + ;; + esac + shift +done + +# Check if SVNROOT is specified. +if [ -z "$SVNROOT" ]; then + error "SVNROOT must be specified (using -d)" +fi + +# Start the packaging process. 
+info "SVNROOT is $SVNROOT" +info "SNAPSHOT is $SNAPSHOT" +info "RELEASE CANDIDATE is $RC" + +#question "Do you wish to continue with these settings?" || error "User abort." + + +# Creating temp directory +info "Creating temporary working directory" +temp_dir=`mktemp -d nsd-dist-XXXXXX` +info "Directory '$temp_dir' created." +cd $temp_dir + +info "Exporting source from SVN." +svn export "$SVNROOT" nsd || error_cleanup "SVN command failed" + +cd nsd || error_cleanup "NSD not exported correctly from SVN" + +info "Building configure script (autoconf)." +autoconf || error_cleanup "Autoconf failed." + +info "Building config.h.in (autoheader)." +autoheader || error_cleanup "Autoheader failed." + +rm -r autom4te* || error_cleanup "Failed to remove autoconf cache directory." + +info "Building lexer and parser." +echo "#include <config.h>" > zlexer.c || error_cleanup "Failed to create lexer." +flex -i -t zlexer.lex >> zlexer.c || error_cleanup "Failed to create lexer." +bison -y -d -o zparser.c zparser.y || error_cleanup "Failed to create parser." +echo "#include \"configyyrename.h\"" > configlexer.c || error_cleanup "Failed to create configlexer" +flex -i -t configlexer.lex >> configlexer.c || error_cleanup "Failed to create configlexer" +bison -y -d -o configparser.c configparser.y || error_cleanup "Failed to create configparser" + +find . -name .c-mode-rc.el -exec rm {} \; +find . -name .cvsignore -exec rm {} \; +rm makedist.sh || error_cleanup "Failed to remove makedist.sh." + +info "Determining NSD version." +version=`./configure --version | head -1 | awk '{ print $3 }'` || \ + error_cleanup "Cannot determine version number." + +info "NSD version: $version" + +if [ "$RC" != "no" ]; then + info "Building NSD release candidate." + version="${version}rc$RC" + info "Release candidate version number: $version" +fi + +if [ "$SNAPSHOT" = "yes" ]; then + info "Building NSD snapshot." 
+ version="$version-`date +%Y%m%d`" + info "Snapshot version number: $version" +fi + + + +replace_all doc/README +replace_all nsd.8 +replace_all nsdc.8 +replace_all nsd-notify.8 +replace_all nsd-checkconf.8 +replace_all nsd-patch.8 +replace_all nsd-xfer.8 +replace_all zonec.8 +replace_all nsd.conf.5 + +info "Renaming NSD directory to nsd-$version." +cd .. +mv nsd nsd-$version || error_cleanup "Failed to rename NSD directory." + +tarfile="../nsd-$version.tar.gz" + +if [ -f $tarfile ]; then + (question "The file $tarfile already exists. Overwrite?" \ + && rm -f $tarfile) || error_cleanup "User abort." +fi + +info "Deleting the tpkg directory" +rm -rf nsd-$version/tpkg/ + +info "Creating tar nsd-$version.tar.gz" +tar czf ../nsd-$version.tar.gz nsd-$version || error_cleanup "Failed to create tar file." + +cleanup + +case $OSTYPE in + linux*) + sha=`sha1sum nsd-$version.tar.gz | awk '{ print $1 }'` + ;; + FreeBSD*) + sha=`sha1 nsd-$version.tar.gz | awk '{ print $5 }'` + ;; + *) + sha=`sha1sum nsd-$version.tar.gz | awk '{ print $1 }'` + ;; +esac +echo $sha > nsd-$version.tar.gz.sha1 + +info "NSD distribution created successfully." +info "SHA1sum: $sha" + diff --git a/usr.sbin/nsd/nsd.conf.sample.in b/usr.sbin/nsd/nsd.conf.sample.in index dc2b3b989ed..cc29880b066 100644 --- a/usr.sbin/nsd/nsd.conf.sample.in +++ b/usr.sbin/nsd/nsd.conf.sample.in @@ -11,8 +11,9 @@ # options for the nsd server server: - # uncomment to specify specific interfaces to bind (default all). + # uncomment to specify specific interfaces to bind (default wildcard interface). # ip-address: 1.2.3.4 + # ip-address: 1.2.3.4@5678 # ip-address: 12fe::8ef0 # don't answer VERSION.BIND and VERSION.SERVER CHAOS class queries 
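Review bot: `cleanup` in makedist.sh runs `cd $cwd && rm -rf $temp_dir` with both expansions unquoted, so a working directory whose path contains whitespace is word-split and the recursive delete either runs somewhere other than intended or leaves the temporary tree behind; use `cd "$cwd" && rm -rf -- "$temp_dir"`. The same quoting is missing on `cd $temp_dir`, `mv nsd nsd-$version` and `rm -f $tarfile`. Separately, the only integrity artefact the script produces is an unsigned SHA-1 file written next to the tarball; SHA-1 is no longer collision-resistant, so a SHA-256 digest and a detached signature over the tarball would give downstream packagers something they can actually verify. `$OSTYPE` is not set by every `/bin/sh`, in which case the `*)` branch silently decides which digest tool runs.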
@@ -36,7 +37,7 @@ server: # NSID identity (hex string). default disabled. # nsid: "aabbccdd" - # log messages to file. Default to stderr and syslog. + # log messages to file. Default to stderr and syslog (with facility LOG_DAEMON). # logfile: "/var/log/nsd.log" # Number of NSD servers to fork. @@ -107,14 +108,13 @@ zone: zonefile: "example.com.zone" # This is a slave zone. Masters are listed below. + # If no access control elements are provided, this zone + # will not be served to/from other servers. # master 1 allow-notify: 168.192.44.42 mskey request-xfr: 168.192.44.42 mskey - # set local interface for sending zone transfer requests. - outgoing-interface: 10.0.0.10 - # master 2 allow-notify: 10.0.0.11 NOKEY request-xfr: 10.0.0.11 NOKEY @@ -139,20 +139,22 @@ zone: # provide-xfr: 0.0.0.0/0 NOKEY # provide-xfr: ::0/0 NOKEY + # set local interface for sending zone transfer requests. + outgoing-interface: 10.0.0.10 + # Sample zone 2 zone: name: "example.net" zonefile: "example.net.signed.zone" # This is a master zone. Slaves are listed below. + # If no access control elements are provided, this zone + # will not be served to/from other servers. # secondary 1. Uses port 5300. notify: 10.0.0.14@5300 sec1_key provide-xfr: 10.0.0.14@5300 sec1_key - # set local interface for sending notifies - outgoing-interface: 10.0.0.15 - # secondary 2. notify: 10.11.12.14 sec2_key provide-xfr: 10.11.12.14 sec2_key @@ -165,6 +167,9 @@ zone: # set the number of retries for notify. notify-retry: 5 + # set local interface for sending notifies + outgoing-interface: 10.0.0.15 + # keys for zone 2 key: name: "sec1_key" diff --git a/usr.sbin/nsd/nsd.h b/usr.sbin/nsd/nsd.h index b9678e2e8de..6432b568d90 100644 --- a/usr.sbin/nsd/nsd.h +++ b/usr.sbin/nsd/nsd.h @@ -10,9 +10,6 @@ #ifndef _NSD_H_ #define _NSD_H_ -/* disable NSID no matter what, there is no typecode yet */ -#undef NSID - #include <signal.h> #include "dns.h" 
diff --git a/usr.sbin/nsd/options.c b/usr.sbin/nsd/options.c index 2e2720fe205..84406ef96d9 100644 --- a/usr.sbin/nsd/options.c +++ b/usr.sbin/nsd/options.c @@ -239,9 +239,7 @@ key_options_t* key_options_create(region_type* region) key->next = 0; key->algorithm = 0; key->secret = 0; -#ifdef TSIG key->tsig_key = 0; -#endif return key; } @@ -412,7 +410,6 @@ int acl_key_matches(acl_options_t* acl, struct query* q) { if(acl->blocked) return 1; -#ifdef TSIG if(acl->nokey) { if(q->tsig.status == TSIG_NOT_PRESENT) return 1; @@ -442,11 +439,6 @@ int acl_key_matches(acl_options_t* acl, struct query* q) return 0; /* no such algo */ } return 1; -#else - if(acl->nokey) - return 1; - return 0; -#endif } int @@ -484,9 +476,9 @@ acl_same_host(acl_options_t* a, acl_options_t* b) return 1; } +#if defined(HAVE_SSL) void key_options_tsig_add(nsd_options_t* opt) { -#if defined(TSIG) && defined(HAVE_SSL) key_options_t* optkey; uint8_t data[4000]; tsig_key_type* tsigkey; @@ -512,8 +504,8 @@ void key_options_tsig_add(nsd_options_t* opt) tsig_add_key(tsigkey); optkey->tsig_key = tsigkey; } -#endif } +#endif int zone_is_slave(zone_options_t* opt) { diff --git a/usr.sbin/nsd/options.h b/usr.sbin/nsd/options.h index ce04e0779b3..9a86830828b 100644 --- a/usr.sbin/nsd/options.h +++ b/usr.sbin/nsd/options.h @@ -138,9 +138,7 @@ struct key_options { const char* name; const char* algorithm; const char* secret; -#ifdef TSIG struct tsig_key* tsig_key; -#endif }; /* @@ -178,8 +176,11 @@ zone_options_t* zone_options_create(region_type* region); zone_options_t* zone_options_find(nsd_options_t* opt, const struct dname* apex); key_options_t* key_options_create(region_type* region); key_options_t* key_options_find(nsd_options_t* opt, const char* name); + +#if defined(HAVE_SSL) /* tsig must be inited, adds all keys in options to tsig. */ void key_options_tsig_add(nsd_options_t* opt); +#endif /* check acl list, acl number that matches if passed(0..), * or failure (-1) if dropped */ 
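Review bot: `key_options_tsig_add` is now compiled only under `HAVE_SSL` (definition in options.c, prototype in options.h), while `key->tsig_key = 0`, `acl_key_matches` and the xfrd TSIG paths elsewhere in this commit became unconditional, so a build without SSL still parses `key:` clauses but never registers them and every `tsig_key` stays 0. tsig.c's `tsig_init` likewise still returns 1 in that build with `tsig_algorithm_table` left NULL. The callers of `key_options_tsig_add` are outside these hunks and presumably need the same `#if defined(HAVE_SSL)` guard to link. How ACL matching and transfer verification behave with unregistered keys depends on code not shown here, so I would make the condition explicit: when keys are configured and `HAVE_SSL` is absent, log an error and refuse to start rather than run with TSIG configured but inoperative.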
diff --git a/usr.sbin/nsd/query.h b/usr.sbin/nsd/query.h index 89ea960570e..6b480604686 100644 --- a/usr.sbin/nsd/query.h +++ b/usr.sbin/nsd/query.h @@ -56,12 +56,10 @@ struct query { /* EDNS information provided by the client. */ edns_record_type edns; -#ifdef TSIG /* TSIG record information and running hash for query-response */ tsig_record_type tsig; /* tsig actions can be overridden, for axfr transfer. */ int tsig_prepare_it, tsig_update_it, tsig_sign_it; -#endif /* TSIG */ int tcp; uint16_t tcplen; diff --git a/usr.sbin/nsd/tsig-openssl.c b/usr.sbin/nsd/tsig-openssl.c index 5773fd2a674..c7a1fa33791 100644 --- a/usr.sbin/nsd/tsig-openssl.c +++ b/usr.sbin/nsd/tsig-openssl.c @@ -9,7 +9,7 @@ #include <config.h> -#if defined(TSIG) && defined(HAVE_SSL) +#if defined(HAVE_SSL) #include "tsig-openssl.h" #include "tsig.h" @@ -124,4 +124,4 @@ tsig_openssl_finalize() EVP_cleanup(); } -#endif /* defined(TSIG) && defined(HAVE_SSL) */ +#endif /* defined(HAVE_SSL) */ diff --git a/usr.sbin/nsd/tsig-openssl.h b/usr.sbin/nsd/tsig-openssl.h index 30345b6596f..859c280c4c0 100644 --- a/usr.sbin/nsd/tsig-openssl.h +++ b/usr.sbin/nsd/tsig-openssl.h @@ -10,7 +10,7 @@ #ifndef _TSIG_OPENSSL_H_ #define _TSIG_OPENSSL_H_ -#if defined(TSIG) && defined(HAVE_SSL) +#if defined(HAVE_SSL) #include "region-allocator.h" @@ -24,6 +24,6 @@ int tsig_openssl_init(region_type *region); void tsig_openssl_finalize(); -#endif /* defined(TSIG) && defined(HAVE_SSL) */ +#endif /* defined(HAVE_SSL) */ #endif /* _TSIG_H_ */ diff --git a/usr.sbin/nsd/tsig.c b/usr.sbin/nsd/tsig.c index 8b4f3249470..886d5e1f27b 100644 --- a/usr.sbin/nsd/tsig.c +++ b/usr.sbin/nsd/tsig.c @@ -103,7 +103,7 @@ tsig_init(region_type *region) tsig_key_table = NULL; tsig_algorithm_table = NULL; -#if defined(TSIG) && defined(HAVE_SSL) +#if defined(HAVE_SSL) return tsig_openssl_init(region); #endif return 1; 
@@ -668,7 +668,7 @@ tsig_error_reply(tsig_record_type *tsig) void tsig_finalize() { -#if defined(TSIG) && defined(HAVE_SSL) +#if defined(HAVE_SSL) tsig_openssl_finalize(); #endif } diff --git a/usr.sbin/nsd/xfrd-notify.c b/usr.sbin/nsd/xfrd-notify.c index 1ef2259cfeb..26606fb8885 100644 --- a/usr.sbin/nsd/xfrd-notify.c +++ b/usr.sbin/nsd/xfrd-notify.c @@ -95,17 +95,13 @@ init_notify_send(rbtree_t* tree, netio_type* netio, region_type* region, not->notify_send_handler.fd = -1; not->notify_send_handler.timeout = 0; not->notify_send_handler.user_data = not; - not->notify_send_handler.event_types = + not->notify_send_handler.event_types = NETIO_EVENT_READ|NETIO_EVENT_TIMEOUT; not->notify_send_handler.event_handler = xfrd_handle_notify_send; - netio_add_handler(netio, ¬->notify_send_handler); - -#ifdef TSIG - tsig_create_record_custom(¬->notify_tsig, region, 0, 0, 4); -#endif /* TSIG */ - not->notify_current = 0; - - rbtree_insert(tree, (rbnode_t*)not); + netio_add_handler(netio, ¬->notify_send_handler); + tsig_create_record_custom(¬->notify_tsig, region, 0, 0, 4); + not->notify_current = 0; + rbtree_insert(tree, (rbnode_t*)not); } static int @@ -170,11 +166,9 @@ xfrd_notify_send_udp(struct notify_zone_t* zone, buffer_type* packet) ANCOUNT_SET(packet, 1); xfrd_write_soa_buffer(packet, zone->apex, zone->current_soa); } -#ifdef TSIG if(zone->notify_current->key_options) { xfrd_tsig_sign_request(packet, &zone->notify_tsig, zone->notify_current); } -#endif /* TSIG */ buffer_flip(packet); zone->notify_send_handler.fd = xfrd_send_udp(zone->notify_current, packet, zone->options->outgoing_interface); diff --git a/usr.sbin/nsd/xfrd-notify.h b/usr.sbin/nsd/xfrd-notify.h index b9363ae20fa..cb034698e04 100644 --- a/usr.sbin/nsd/xfrd-notify.h +++ b/usr.sbin/nsd/xfrd-notify.h 
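Review bot: In `xfrd_notify_send_udp` (xfrd-notify.c) the now-unconditional signing branch tests only `zone->notify_current->key_options`, whereas `xfrd_send_ixfr_request_udp` in xfrd.c also tests `key_options->tsig_key` before calling `xfrd_tsig_sign_request`. Because `tsig_key` is initialised to 0 in `key_options_create` and, as far as this commit shows, filled in only by `key_options_tsig_add` under `HAVE_SSL`, the NOTIFY path can reach the signer with no key loaded. The body of `xfrd_tsig_sign_request` lies outside the hunks, so whether it tolerates a null key is unverified. Match the IXFR guard: `if(zone->notify_current->key_options && zone->notify_current->key_options->tsig_key) {`.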
@@ -32,9 +32,7 @@ struct notify_zone_t { const dname_type* apex; const char* apex_str; -#ifdef TSIG tsig_record_type notify_tsig; /* tsig state for notify */ -#endif struct zone_options* options; struct xfrd_soa *current_soa; /* current SOA in NSD */ diff --git a/usr.sbin/nsd/xfrd.c b/usr.sbin/nsd/xfrd.c index f4ed69282ca..3fea8541628 100644 --- a/usr.sbin/nsd/xfrd.c +++ b/usr.sbin/nsd/xfrd.c @@ -281,9 +281,7 @@ xfrd_init_zones() xzone->tcp_waiting = 0; xzone->udp_waiting = 0; -#ifdef TSIG tsig_create_record_custom(&xzone->tsig, xfrd->region, 0, 0, 4); -#endif /* TSIG */ if(dbzone && dbzone->soa_rrset && dbzone->soa_rrset->rrs) { xzone->soa_nsd_acquired = xfrd_time(); @@ -890,7 +888,9 @@ int xfrd_bind_local_interface(int sockd, acl_options_t* ifc, acl_options_t* acl, int tcp) { +#ifdef SO_LINGER struct linger linger = {1, 0}; +#endif socklen_t frm_len; #ifdef INET6 struct sockaddr_storage frm; @@ -960,7 +960,6 @@ xfrd_bind_local_interface(int sockd, acl_options_t* ifc, acl_options_t* acl, return 0; } -#ifdef TSIG void xfrd_tsig_sign_request(buffer_type* packet, tsig_record_type* tsig, acl_options_t* acl) @@ -985,7 +984,6 @@ xfrd_tsig_sign_request(buffer_type* packet, tsig_record_type* tsig, /* prepare for validating tsigs */ tsig_prepare(tsig); } -#endif static int xfrd_send_ixfr_request_udp(xfrd_zone_t* zone) @@ -1009,11 +1007,9 @@ xfrd_send_ixfr_request_udp(xfrd_zone_t* zone) NSCOUNT_SET(xfrd->packet, 1); xfrd_write_soa_buffer(xfrd->packet, zone->apex, &zone->soa_disk); /* if we have tsig keys, sign the ixfr query */ -#ifdef TSIG if(zone->master->key_options && zone->master->key_options->tsig_key) { xfrd_tsig_sign_request(xfrd->packet, &zone->tsig, zone->master); } -#endif /* TSIG */ buffer_flip(xfrd->packet); xfrd_set_timer(zone, xfrd_time() + XFRD_UDP_TIMEOUT); @@ -1117,7 +1113,6 @@ xfrd_xfr_check_rrs(xfrd_zone_t* zone, buffer_type* packet, size_t count, return 1; } -#ifdef TSIG static int xfrd_xfr_process_tsig(xfrd_zone_t* zone, buffer_type* packet) { 
@@ -1166,7 +1161,6 @@ xfrd_xfr_process_tsig(xfrd_zone_t* zone, buffer_type* packet) } return 1; } -#endif /* parse the received packet. returns xfrd packet result code. */ static enum xfrd_packet_result @@ -1207,16 +1201,14 @@ xfrd_parse_received_xfr_packet(xfrd_zone_t* zone, buffer_type* packet, } return xfrd_packet_bad; } -#ifdef TSIG /* check TSIG */ if(zone->master->key_options) { if(!xfrd_xfr_process_tsig(zone, packet)) { DEBUG(DEBUG_XFRD,1, (LOG_ERR, "dropping xfr reply due " - "to bad TSIG")); + "to bad TSIG")); return xfrd_packet_bad; } } -#endif buffer_skip(packet, QHEADERSZ); /* skip question section */ @@ -1331,7 +1323,6 @@ xfrd_parse_received_xfr_packet(xfrd_zone_t* zone, buffer_type* packet, } if(done == 0) return xfrd_packet_more; -#ifdef TSIG if(zone->master->key_options) { if(zone->tsig.updates_since_last_prepare != 0) { log_msg(LOG_INFO, "xfrd: last packet of reply has no " @@ -1339,7 +1330,6 @@ xfrd_parse_received_xfr_packet(xfrd_zone_t* zone, buffer_type* packet, return xfrd_packet_bad; } } -#endif /* TSIG */ return xfrd_packet_transfer; } @@ -1419,12 +1409,10 @@ xfrd_handle_received_xfr_packet(xfrd_zone_t* zone, buffer_type* packet) "time %u from %s in %u parts", zone->apex_str, (int)zone->msg_new_serial, (int)xfrd_time(), zone->master->ip_address_spec, zone->msg_seq_nr); -#ifdef TSIG if(zone->master->key_options) { buffer_printf(packet, " TSIG verified with key %s", zone->master->key_options->name); } -#endif /* TSIG */ buffer_flip(packet); diff_write_commit(zone->apex_str, zone->msg_old_serial, zone->msg_new_serial, zone->query_id, zone->msg_seq_nr, 1, diff --git a/usr.sbin/nsd/xfrd.h b/usr.sbin/nsd/xfrd.h index 9b34322b67b..60338a8e0d6 100644 --- a/usr.sbin/nsd/xfrd.h +++ b/usr.sbin/nsd/xfrd.h 
@@ -173,9 +173,7 @@ struct xfrd_zone { uint32_t msg_old_serial, msg_new_serial; /* host byte order */ size_t msg_rr_count; uint8_t msg_is_ixfr; /* 1:IXFR detected. 2:middle IXFR SOA seen. */ -#ifdef TSIG tsig_record_type tsig; /* tsig state for IXFR/AXFR */ -#endif }; enum xfrd_packet_result { @@ -255,10 +253,8 @@ struct buffer* xfrd_get_temp_buffer(); /* * TSIG sign outgoing request. Call if acl has a key. */ -#ifdef TSIG void xfrd_tsig_sign_request(buffer_type* packet, struct tsig_record* tsig, acl_options_t* acl); -#endif /* handle incoming soa information (NSD is running it, time acquired=guess). Pass soa=NULL,acquired=now if NSD has nothing loaded for the zone |