-rw-r--r--usr.sbin/nsd/config.h.in6
-rw-r--r--usr.sbin/nsd/configparser.y3
-rw-r--r--usr.sbin/nsd/configure62
-rw-r--r--usr.sbin/nsd/configure.ac25
-rw-r--r--usr.sbin/nsd/dbaccess.c14
-rw-r--r--usr.sbin/nsd/difffile.c21
-rw-r--r--usr.sbin/nsd/ipc.c1
-rw-r--r--usr.sbin/nsd/nsd-checkconf.8.in2
-rw-r--r--usr.sbin/nsd/nsd-checkconf.c30
-rw-r--r--usr.sbin/nsd/nsd-checkzone.8.in2
-rw-r--r--usr.sbin/nsd/nsd-checkzone.c15
-rw-r--r--usr.sbin/nsd/nsd-control.8.in2
-rw-r--r--usr.sbin/nsd/nsd-control.c36
-rw-r--r--usr.sbin/nsd/nsd-mem.c15
-rw-r--r--usr.sbin/nsd/nsd.8.in4
-rw-r--r--usr.sbin/nsd/nsd.c52
-rw-r--r--usr.sbin/nsd/nsd.conf.5.in6
-rw-r--r--usr.sbin/nsd/nsd.conf.sample.in3
-rw-r--r--usr.sbin/nsd/nsd.h2
-rw-r--r--usr.sbin/nsd/nsec3.c13
-rw-r--r--usr.sbin/nsd/nsec3.h2
-rw-r--r--usr.sbin/nsd/options.c1
-rw-r--r--usr.sbin/nsd/options.h1
-rw-r--r--usr.sbin/nsd/remote.c30
-rw-r--r--usr.sbin/nsd/server.c2
-rw-r--r--usr.sbin/nsd/util.c35
-rw-r--r--usr.sbin/nsd/util.h10
-rw-r--r--usr.sbin/nsd/xfrd.c12
-rw-r--r--usr.sbin/nsd/zparser.y4
29 files changed, 223 insertions, 188 deletions
diff --git a/usr.sbin/nsd/config.h.in b/usr.sbin/nsd/config.h.in
index eded09dd6b3..4d47f603062 100644
--- a/usr.sbin/nsd/config.h.in
+++ b/usr.sbin/nsd/config.h.in
@@ -1,5 +1,8 @@
/* config.h.in. Generated from configure.ac by autoheader. */
+/* apply the noreturn attribute to a function that exits the program */
+#undef ATTR_NORETURN
+
/* Define this to enable BIND8 like NSTATS & XSTATS. */
#undef BIND8_STATS
@@ -43,6 +46,9 @@
/* Whether the C compiler accepts the "format" attribute */
#undef HAVE_ATTR_FORMAT
+/* Whether the C compiler accepts the "noreturn" attribute */
+#undef HAVE_ATTR_NORETURN
+
/* Whether the C compiler accepts the "unused" attribute */
#undef HAVE_ATTR_UNUSED
diff --git a/usr.sbin/nsd/configparser.y b/usr.sbin/nsd/configparser.y
index 547518f88c6..567641ce706 100644
--- a/usr.sbin/nsd/configparser.y
+++ b/usr.sbin/nsd/configparser.y
@@ -154,9 +154,6 @@ server_debug_mode: VAR_DEBUG_MODE STRING
server_use_systemd: VAR_USE_SYSTEMD STRING
{
OUTYY(("P(server_use_systemd:%s)\n", $2));
- if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
- yyerror("expected yes or no.");
- else cfg_parser->opt->use_systemd = (strcmp($2, "yes")==0);
}
;
server_verbosity: VAR_VERBOSITY STRING
diff --git a/usr.sbin/nsd/configure b/usr.sbin/nsd/configure
index 13da401ab9b..a4b87938db6 100644
--- a/usr.sbin/nsd/configure
+++ b/usr.sbin/nsd/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for NSD 4.1.24.
+# Generated by GNU Autoconf 2.69 for NSD 4.1.25.
#
# Report bugs to <nsd-bugs@nlnetlabs.nl>.
#
@@ -580,8 +580,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='NSD'
PACKAGE_TARNAME='nsd'
-PACKAGE_VERSION='4.1.24'
-PACKAGE_STRING='NSD 4.1.24'
+PACKAGE_VERSION='4.1.25'
+PACKAGE_STRING='NSD 4.1.25'
PACKAGE_BUGREPORT='nsd-bugs@nlnetlabs.nl'
PACKAGE_URL=''
@@ -1287,7 +1287,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures NSD 4.1.24 to adapt to many kinds of systems.
+\`configure' configures NSD 4.1.25 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1348,7 +1348,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of NSD 4.1.24:";;
+ short | recursive ) echo "Configuration of NSD 4.1.25:";;
esac
cat <<\_ACEOF
@@ -1498,7 +1498,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-NSD configure 4.1.24
+NSD configure 4.1.25
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2207,7 +2207,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by NSD $as_me 4.1.24, which was
+It was created by NSD $as_me 4.1.25, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -4987,6 +4987,7 @@ fi
+
# Checks for typedefs, structures, and compiler characteristics.
# allow user to override the -g -O2 flags.
if test "x$CFLAGS" = "x" ; then
@@ -5456,6 +5457,49 @@ $as_echo "#define HAVE_ATTR_UNUSED 1" >>confdefs.h
fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler (${CC-cc}) accepts the \"noreturn\" attribute" >&5
+$as_echo_n "checking whether the C compiler (${CC-cc}) accepts the \"noreturn\" attribute... " >&6; }
+if ${ac_cv_c_noreturn_attribute+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_c_noreturn_attribute=no
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdio.h>
+__attribute__((noreturn)) void f(int x) { printf("%d", x); }
+
+int
+main ()
+{
+
+ f(1);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_noreturn_attribute="yes"
+else
+ ac_cv_c_noreturn_attribute="no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_noreturn_attribute" >&5
+$as_echo "$ac_cv_c_noreturn_attribute" >&6; }
+if test $ac_cv_c_noreturn_attribute = yes; then
+
+$as_echo "#define HAVE_ATTR_NORETURN 1" >>confdefs.h
+
+
+$as_echo "#define ATTR_NORETURN __attribute__((__noreturn__))" >>confdefs.h
+
+fi
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if memcmp compares unsigned" >&5
$as_echo_n "checking if memcmp compares unsigned... " >&6; }
if test "$cross_compiling" = yes; then :
@@ -9824,7 +9868,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by NSD $as_me 4.1.24, which was
+This file was extended by NSD $as_me 4.1.25, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -9886,7 +9930,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-NSD config.status 4.1.24
+NSD config.status 4.1.25
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff --git a/usr.sbin/nsd/configure.ac b/usr.sbin/nsd/configure.ac
index 80307c594c2..ad5399a9d72 100644
--- a/usr.sbin/nsd/configure.ac
+++ b/usr.sbin/nsd/configure.ac
@@ -4,7 +4,7 @@ dnl
sinclude(acx_nlnetlabs.m4)
-AC_INIT(NSD,4.1.24,nsd-bugs@nlnetlabs.nl)
+AC_INIT(NSD,4.1.25,nsd-bugs@nlnetlabs.nl)
AC_CONFIG_HEADER([config.h])
CFLAGS="$CFLAGS"
@@ -230,6 +230,28 @@ if test $ac_cv_c_unused_attribute = yes; then
fi
])dnl
+AC_DEFUN([CHECK_NORETURN_ATTRIBUTE],
+[AC_REQUIRE([AC_PROG_CC])
+AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "noreturn" attribute)
+AC_CACHE_VAL(ac_cv_c_noreturn_attribute,
+[ac_cv_c_noreturn_attribute=no
+AC_TRY_COMPILE(
+[ #include <stdio.h>
+__attribute__((noreturn)) void f(int x) { printf("%d", x); }
+], [
+ f(1);
+],
+[ac_cv_c_noreturn_attribute="yes"],
+[ac_cv_c_noreturn_attribute="no"])
+])
+
+AC_MSG_RESULT($ac_cv_c_noreturn_attribute)
+if test $ac_cv_c_noreturn_attribute = yes; then
+ AC_DEFINE(HAVE_ATTR_NORETURN, 1, [Whether the C compiler accepts the "noreturn" attribute])
+ AC_DEFINE(ATTR_NORETURN, [__attribute__((__noreturn__))], [apply the noreturn attribute to a function that exits the program])
+fi
+])dnl End of CHECK_NORETURN_ATTRIBUTE
+
AC_DEFUN([CHECK_COMPILER_FLAG],
[
AC_REQUIRE([AC_PROG_CC])
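Review bot: ATTR_NORETURN is defined only inside `if test $ac_cv_c_noreturn_attribute = yes`, and no empty fallback is added anywhere in this diff, while ipc.c, nsd.h, util.h and the tool sources now use the macro unconditionally. Unless a fallback exists outside the visible hunks, a compiler that fails the probe would see an undefined token; a guard such as `#ifndef ATTR_NORETURN` / `#define ATTR_NORETURN` / `#endif` in a common header would cover that. Separately, the probe function `f` is declared noreturn yet returns, so compilers warn on it and a `-Werror` in CFLAGS would turn the check into a false "no"; ending `f` with `exit(0);` (and including `<stdlib.h>`) avoids that.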
@@ -296,6 +318,7 @@ AC_TYPE_OFF_T
AC_CHECK_FORMAT_ATTRIBUTE
AC_CHECK_UNUSED_ATTRIBUTE
+CHECK_NORETURN_ATTRIBUTE
ACX_CHECK_MEMCMP_SIGNED
AC_CHECK_CTIME_R
diff --git a/usr.sbin/nsd/dbaccess.c b/usr.sbin/nsd/dbaccess.c
index 317273361b7..da0762e9750 100644
--- a/usr.sbin/nsd/dbaccess.c
+++ b/usr.sbin/nsd/dbaccess.c
@@ -571,13 +571,10 @@ namedb_read_zonefile(struct nsd* nsd, struct zone* zone, udb_base* taskudb,
assert(parser);
/* wipe zone from memory */
#ifdef NSEC3
- nsec3_hash_tree_clear(zone);
-#endif
- delete_zone_rrs(nsd->db, zone);
-#ifdef NSEC3
nsec3_clear_precompile(nsd->db, zone);
zone->nsec3_param = NULL;
-#endif /* NSEC3 */
+#endif
+ delete_zone_rrs(nsd->db, zone);
errors = zonec_read(zone->opts->name, fname, zone);
if(errors > 0) {
log_msg(LOG_ERR, "zone %s file %s read with %u errors",
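Review bot: The call site has no comment saying that `nsec3_clear_precompile()` must now run before `delete_zone_rrs()`, although that ordering is the substance of the change. The same pattern is repeated in the second hunk of this file and in three places in difffile.c. Presumably the precompiled NSEC3 state refers to data that `delete_zone_rrs()` releases, which is not visible in this diff. If so, a comment such as `/* nsec3 precompile state must be cleared before the zone's RRs are deleted */` at each site, or one helper that performs both steps in order, would keep a later edit from swapping them back. namedb_read_zonefile starts and ends outside the hunk.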
@@ -585,13 +582,10 @@ namedb_read_zonefile(struct nsd* nsd, struct zone* zone, udb_base* taskudb,
/* wipe (partial) zone from memory */
zone->is_ok = 1;
#ifdef NSEC3
- nsec3_hash_tree_clear(zone);
-#endif
- delete_zone_rrs(nsd->db, zone);
-#ifdef NSEC3
nsec3_clear_precompile(nsd->db, zone);
zone->nsec3_param = NULL;
-#endif /* NSEC3 */
+#endif
+ delete_zone_rrs(nsd->db, zone);
if(nsd->db->udb) {
region_type* dname_region;
udb_ptr z;
diff --git a/usr.sbin/nsd/difffile.c b/usr.sbin/nsd/difffile.c
index 1fec3a93896..4182db6bcff 100644
--- a/usr.sbin/nsd/difffile.c
+++ b/usr.sbin/nsd/difffile.c
@@ -1138,15 +1138,12 @@ apply_ixfr(namedb_type* db, FILE *in, const char* zone, uint32_t serialno,
if(*rr_count == 1 && type != TYPE_SOA) {
/* second RR: if not SOA: this is an AXFR; delete all zone contents */
#ifdef NSEC3
- nsec3_hash_tree_clear(zone_db);
+ nsec3_clear_precompile(db, zone_db);
+ zone_db->nsec3_param = NULL;
#endif
delete_zone_rrs(db, zone_db);
if(db->udb)
udb_zone_clear(db->udb, udbz);
-#ifdef NSEC3
- nsec3_clear_precompile(db, zone_db);
- zone_db->nsec3_param = NULL;
-#endif /* NSEC3 */
/* add everything else (incl end SOA) */
*delete_mode = 0;
*is_axfr = 1;
@@ -1169,15 +1166,12 @@ apply_ixfr(namedb_type* db, FILE *in, const char* zone, uint32_t serialno,
if(thisserial == serialno) {
/* AXFR */
#ifdef NSEC3
- nsec3_hash_tree_clear(zone_db);
+ nsec3_clear_precompile(db, zone_db);
+ zone_db->nsec3_param = NULL;
#endif
delete_zone_rrs(db, zone_db);
if(db->udb)
udb_zone_clear(db->udb, udbz);
-#ifdef NSEC3
- nsec3_clear_precompile(db, zone_db);
- zone_db->nsec3_param = NULL;
-#endif /* NSEC3 */
*delete_mode = 0;
*is_axfr = 1;
}
@@ -1913,7 +1907,8 @@ task_process_del_zone(struct nsd* nsd, struct task_list_d* task)
return;
#ifdef NSEC3
- nsec3_hash_tree_clear(zone);
+ nsec3_clear_precompile(nsd->db, zone);
+ zone->nsec3_param = NULL;
#endif
delete_zone_rrs(nsd->db, zone);
if(nsd->db->udb) {
@@ -1924,10 +1919,6 @@ task_process_del_zone(struct nsd* nsd, struct task_list_d* task)
udb_ptr_unlink(&udbz, nsd->db->udb);
}
}
-#ifdef NSEC3
- nsec3_clear_precompile(nsd->db, zone);
- zone->nsec3_param = NULL;
-#endif /* NSEC3 */
/* remove from zonetree, apex, soa */
zopt = zone->opts;
diff --git a/usr.sbin/nsd/ipc.c b/usr.sbin/nsd/ipc.c
index ff5bf07db1a..4da914d7ce8 100644
--- a/usr.sbin/nsd/ipc.c
+++ b/usr.sbin/nsd/ipc.c
@@ -30,6 +30,7 @@ static void xfrd_send_reload_req(xfrd_state_type* xfrd);
static void xfrd_send_quit_req(xfrd_state_type* xfrd);
/* perform read part of handle ipc for xfrd */
static void xfrd_handle_ipc_read(struct event* handler, xfrd_state_type* xfrd);
+static void ipc_child_quit(struct nsd* nsd) ATTR_NORETURN;
static void
ipc_child_quit(struct nsd* nsd)
diff --git a/usr.sbin/nsd/nsd-checkconf.8.in b/usr.sbin/nsd/nsd-checkconf.8.in
index c9e43529bc3..d9d7bd5342d 100644
--- a/usr.sbin/nsd/nsd-checkconf.8.in
+++ b/usr.sbin/nsd/nsd-checkconf.8.in
@@ -1,4 +1,4 @@
-.TH "nsd\-checkconf" "8" "Aug 13, 2018" "NLnet Labs" "nsd 4.1.24"
+.TH "nsd\-checkconf" "8" "Sep 25, 2018" "NLnet Labs" "nsd 4.1.25"
.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"
diff --git a/usr.sbin/nsd/nsd-checkconf.c b/usr.sbin/nsd/nsd-checkconf.c
index 41d520fa22f..f4044c42295 100644
--- a/usr.sbin/nsd/nsd-checkconf.c
+++ b/usr.sbin/nsd/nsd-checkconf.c
@@ -20,6 +20,7 @@
extern char *optarg;
extern int optind;
+static void usage(void) ATTR_NORETURN;
#define ZONE_GET_ACL(NAME, VAR, PATTERN) \
if (strcasecmp(#NAME, (VAR)) == 0) { \
@@ -364,7 +365,6 @@ config_print_zone(nsd_options_type* opt, const char* k, int s, const char *o,
SERV_GET_BIN(do_ip4, o);
SERV_GET_BIN(do_ip6, o);
SERV_GET_BIN(reuseport, o);
- SERV_GET_BIN(use_systemd, o);
SERV_GET_BIN(hide_version, o);
SERV_GET_BIN(zonefiles_check, o);
SERV_GET_BIN(log_time_ascii, o);
@@ -481,7 +481,6 @@ config_test_print_server(nsd_options_type* opt)
printf("\tip-transparent: %s\n", opt->ip_transparent?"yes":"no");
printf("\tip-freebind: %s\n", opt->ip_freebind?"yes":"no");
printf("\treuseport: %s\n", opt->reuseport?"yes":"no");
- printf("\tuse-systemd: %s\n", opt->use_systemd?"yes":"no");
printf("\tdo-ip4: %s\n", opt->do_ip4?"yes":"no");
printf("\tdo-ip6: %s\n", opt->do_ip6?"yes":"no");
printf("\thide-version: %s\n", opt->hide_version?"yes":"no");
@@ -563,26 +562,6 @@ config_test_print_server(nsd_options_type* opt)
}
-static void
-append_trailing_slash(const char** dirname, region_type* region)
-{
- int l = strlen(*dirname);
- if (l>0 && (*dirname)[l-1] != '/' && l < 0xffffff) {
- char *dirname_slash = region_alloc(region, l+2);
- memcpy(dirname_slash, *dirname, l+1);
- strlcat(dirname_slash, "/", l+2);
- *dirname = dirname_slash;
- }
-}
-
-static int
-file_inside_chroot(const char* fname, const char* chr)
-{
- /* true if filename starts with chroot or is not absolute */
- return ((fname && fname[0] && strncmp(fname, chr, strlen(chr)) == 0) ||
- (fname && fname[0] != '/'));
-}
-
static int
additional_checks(nsd_options_type* opt, const char* filename)
{
@@ -595,6 +574,7 @@ additional_checks(nsd_options_type* opt, const char* filename)
if(!dname) {
fprintf(stderr, "%s: cannot parse zone name syntax for zone %s.\n", filename, zone->name);
errors ++;
+ continue;
}
#ifndef ROOT_SERVER
/* Is it a root zone? Are we a root server then? Idiot proof. */
@@ -755,9 +735,9 @@ main(int argc, char* argv[])
usage();
};
}
- argc -= optind;
- argv += optind;
- if (argc == 0 || argc>=2) {
+ argc -= optind;
+ argv += optind;
+ if (argc == 0 || argc>=2) {
usage();
}
configfile = argv[0];
diff --git a/usr.sbin/nsd/nsd-checkzone.8.in b/usr.sbin/nsd/nsd-checkzone.8.in
index 3e9d2e447de..da43863aeb5 100644
--- a/usr.sbin/nsd/nsd-checkzone.8.in
+++ b/usr.sbin/nsd/nsd-checkzone.8.in
@@ -1,4 +1,4 @@
-.TH "nsd\-checkzone" "8" "Aug 13, 2018" "NLnet Labs" "nsd 4.1.24"
+.TH "nsd\-checkzone" "8" "Sep 25, 2018" "NLnet Labs" "nsd 4.1.25"
.\" Copyright (c) 2014, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"
diff --git a/usr.sbin/nsd/nsd-checkzone.c b/usr.sbin/nsd/nsd-checkzone.c
index c8366f99e14..21b8ce5648d 100644
--- a/usr.sbin/nsd/nsd-checkzone.c
+++ b/usr.sbin/nsd/nsd-checkzone.c
@@ -22,7 +22,6 @@
#include "util.h"
#include "zonec.h"
-static void error(const char *format, ...) ATTR_FORMAT(printf, 1, 2);
struct nsd nsd;
/*
@@ -37,20 +36,6 @@ usage (void)
PACKAGE_VERSION, PACKAGE_BUGREPORT);
}
-/*
- * Something went wrong, give error messages and exit.
- *
- */
-static void
-error(const char *format, ...)
-{
- va_list args;
- va_start(args, format);
- log_vmsg(LOG_ERR, format, args);
- va_end(args);
- exit(1);
-}
-
static void
check_zone(struct nsd* nsd, const char* name, const char* fname)
{
diff --git a/usr.sbin/nsd/nsd-control.8.in b/usr.sbin/nsd/nsd-control.8.in
index 5041fba4e3d..cabaf3d72e9 100644
--- a/usr.sbin/nsd/nsd-control.8.in
+++ b/usr.sbin/nsd/nsd-control.8.in
@@ -1,4 +1,4 @@
-.TH "nsd\-control" "8" "Aug 13, 2018" "NLnet Labs" "nsd 4.1.24"
+.TH "nsd\-control" "8" "Sep 25, 2018" "NLnet Labs" "nsd 4.1.25"
.\" Copyright (c) 2011, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"
diff --git a/usr.sbin/nsd/nsd-control.c b/usr.sbin/nsd/nsd-control.c
index 0a10f652f41..f86a5f779fc 100644
--- a/usr.sbin/nsd/nsd-control.c
+++ b/usr.sbin/nsd/nsd-control.c
@@ -63,6 +63,10 @@
#include "tsig.h"
#include "options.h"
+static void usage() ATTR_NORETURN;
+static void ssl_err(const char* s) ATTR_NORETURN;
+static void ssl_path_err(const char* s, const char *path) ATTR_NORETURN;
+
/** Give nsd-control usage, and exit (1). */
static void
usage()
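Review bot: `static void usage() ATTR_NORETURN;` declares the function with an empty parameter list, which in C is not a prototype and lets calls with arguments compile unchecked. nsd-checkconf.c in the same commit writes `static void usage(void) ATTR_NORETURN;`. Using `usage(void)` here, and in the definition just below, keeps the two tools consistent.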
@@ -107,6 +111,22 @@ static void ssl_err(const char* s)
exit(1);
}
+/** exit with ssl error related to a file path */
+static void ssl_path_err(const char* s, const char *path)
+{
+ unsigned long err;
+ err = ERR_peek_error();
+ if (ERR_GET_LIB(err) == ERR_LIB_SYS &&
+ (ERR_GET_FUNC(err) == SYS_F_FOPEN ||
+ ERR_GET_FUNC(err) == SYS_F_FREAD) ) {
+ fprintf(stderr, "error: %s\n%s: %s\n",
+ s, path, ERR_reason_error_string(err));
+ exit(1);
+ } else {
+ ssl_err(s);
+ }
+}
+
/** setup SSL context */
static SSL_CTX*
setup_ctx(struct nsd_options* cfg)
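Review bot: `ERR_reason_error_string(err)` can return NULL when no reason string is registered for the code, and in `ssl_path_err` that value is passed straight to the `%s` in `fprintf`, which is undefined behaviour on the error path. Hold it in a local and print a fallback, e.g. `const char *why = ERR_reason_error_string(err);` and then `s, path, why ? why : "unknown error");`. The branch also depends on `ERR_GET_FUNC`, which OpenSSL 3.0 removed along with function codes in error values, so a build against a libcrypto other than the in-tree one may need a guard around this test.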
@@ -124,7 +144,8 @@ setup_ctx(struct nsd_options* cfg)
if (cfg->zonesdir && cfg->zonesdir[0] &&
(s_cert[0] != '/' || c_key[0] != '/' || c_cert[0] != '/')) {
if(chdir(cfg->zonesdir))
- ssl_err("could not chdir to zonesdir");
+ error("could not chdir to zonesdir: %s %s",
+ cfg->zonesdir, strerror(errno));
}
ctx = SSL_CTX_new(SSLv23_client_method());
@@ -136,12 +157,15 @@ setup_ctx(struct nsd_options* cfg)
if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
!= SSL_OP_NO_SSLv3)
ssl_err("could not set SSL_OP_NO_SSLv3");
- if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
- !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
- || !SSL_CTX_check_private_key(ctx))
- ssl_err("Error setting up SSL_CTX client key and cert");
+ if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM))
+ ssl_path_err("Error setting up SSL_CTX client cert", c_cert);
+ if(!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM))
+ ssl_path_err("Error setting up SSL_CTX client key", c_key);
+ if(!SSL_CTX_check_private_key(ctx))
+ ssl_err("Error setting up SSL_CTX client key");
if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
- ssl_err("Error setting up SSL_CTX verify, server cert");
+ ssl_path_err("Error setting up SSL_CTX verify, server cert",
+ s_cert);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
return ctx;
diff --git a/usr.sbin/nsd/nsd-mem.c b/usr.sbin/nsd/nsd-mem.c
index 53c8958b109..0cc72bdc2ba 100644
--- a/usr.sbin/nsd/nsd-mem.c
+++ b/usr.sbin/nsd/nsd-mem.c
@@ -25,7 +25,6 @@
#include "udbzone.h"
#include "util.h"
-static void error(const char *format, ...) ATTR_FORMAT(printf, 1, 2);
struct nsd nsd;
/*
@@ -40,20 +39,6 @@ usage (void)
PACKAGE_VERSION, PACKAGE_BUGREPORT);
}
-/*
- * Something went wrong, give error messages and exit.
- *
- */
-static void
-error(const char *format, ...)
-{
- va_list args;
- va_start(args, format);
- log_vmsg(LOG_ERR, format, args);
- va_end(args);
- exit(1);
-}
-
/* zone memory structure */
struct zone_mem {
/* size of data (allocated in db.region) */
diff --git a/usr.sbin/nsd/nsd.8.in b/usr.sbin/nsd/nsd.8.in
index 7095c74c39f..46425aea47a 100644
--- a/usr.sbin/nsd/nsd.8.in
+++ b/usr.sbin/nsd/nsd.8.in
@@ -1,9 +1,9 @@
-.TH "NSD" "8" "Aug 13, 2018" "NLnet Labs" "NSD 4.1.24"
+.TH "NSD" "8" "Sep 25, 2018" "NLnet Labs" "NSD 4.1.25"
.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"
.B nsd
-\- Name Server Daemon (NSD) version 4.1.24.
+\- Name Server Daemon (NSD) version 4.1.25.
.SH "SYNOPSIS"
.B nsd
.RB [ \-4 ]
diff --git a/usr.sbin/nsd/nsd.c b/usr.sbin/nsd/nsd.c
index 44be84a9149..b3d499b8c9a 100644
--- a/usr.sbin/nsd/nsd.c
+++ b/usr.sbin/nsd/nsd.c
@@ -50,8 +50,7 @@
struct nsd nsd;
static char hostname[MAXHOSTNAMELEN];
extern config_parser_state_type* cfg_parser;
-
-static void error(const char *format, ...) ATTR_FORMAT(printf, 1, 2);
+static void version(void) ATTR_NORETURN;
/*
* Print the help text.
@@ -115,56 +114,21 @@ version(void)
exit(0);
}
-/*
- * Something went wrong, give error messages and exit.
- *
- */
-static void
-error(const char *format, ...)
-{
- va_list args;
- va_start(args, format);
- log_vmsg(LOG_ERR, format, args);
- va_end(args);
- exit(1);
-}
-
-static void
-append_trailing_slash(const char** dirname, region_type* region)
-{
- int l = strlen(*dirname);
- if (l>0 && (*dirname)[l-1] != '/' && l < 0xffffff) {
- char *dirname_slash = region_alloc(region, l+2);
- memcpy(dirname_slash, *dirname, l+1);
- strlcat(dirname_slash, "/", l+2);
- /* old dirname is leaked, this is only used for chroot, once */
- *dirname = dirname_slash;
- }
-}
-
-static int
-file_inside_chroot(const char* fname, const char* chr)
-{
- /* true if filename starts with chroot or is not absolute */
- return ((fname && fname[0] && strncmp(fname, chr, strlen(chr)) == 0) ||
- (fname && fname[0] != '/'));
-}
-
void
get_ip_port_frm_str(const char* arg, const char** hostname,
const char** port)
{
- /* parse src[@port] option */
- char* delim = NULL;
+ /* parse src[@port] option */
+ char* delim = NULL;
if (arg) {
delim = strchr(arg, '@');
}
- if (delim) {
- *delim = '\0';
- *port = delim+1;
- }
- *hostname = arg;
+ if (delim) {
+ *delim = '\0';
+ *port = delim+1;
+ }
+ *hostname = arg;
}
/* append interface to interface array (names, udp, tcp) */
diff --git a/usr.sbin/nsd/nsd.conf.5.in b/usr.sbin/nsd/nsd.conf.5.in
index df39b874641..9aaddeead28 100644
--- a/usr.sbin/nsd/nsd.conf.5.in
+++ b/usr.sbin/nsd/nsd.conf.5.in
@@ -1,4 +1,4 @@
-.TH "nsd.conf" "5" "Aug 13, 2018" "NLnet Labs" "nsd 4.1.24"
+.TH "nsd.conf" "5" "Sep 25, 2018" "NLnet Labs" "nsd 4.1.25"
.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"
@@ -189,10 +189,6 @@ If set to yes it does not fork and stays in the foreground, which can
be helpful for commandline debugging, but is also used by certain
server supervisor processes to ascertain that the server is running.
.TP
-.B use\-systemd: \fI<yes or no>
-Enable or disable systemd readiness signalling.
-Default is no.
-.TP
.B do\-ip4:\fR <yes or no>
If yes, NSD listens to IPv4 connections. Default yes.
.TP
diff --git a/usr.sbin/nsd/nsd.conf.sample.in b/usr.sbin/nsd/nsd.conf.sample.in
index 187e422448e..f5cd7b1da9a 100644
--- a/usr.sbin/nsd/nsd.conf.sample.in
+++ b/usr.sbin/nsd/nsd.conf.sample.in
@@ -36,9 +36,6 @@ server:
# enable debug mode, does not fork daemon process into the background.
# debug-mode: no
- # use systemd for readiness signalling.
- # use-systemd: no
-
# listen on IPv4 connections
# do-ip4: yes
diff --git a/usr.sbin/nsd/nsd.h b/usr.sbin/nsd/nsd.h
index 5133b1b7918..903dc814282 100644
--- a/usr.sbin/nsd/nsd.h
+++ b/usr.sbin/nsd/nsd.h
@@ -282,7 +282,7 @@ int server_init(struct nsd *nsd);
int server_prepare(struct nsd *nsd);
void server_main(struct nsd *nsd);
void server_child(struct nsd *nsd);
-void server_shutdown(struct nsd *nsd);
+void server_shutdown(struct nsd *nsd) ATTR_NORETURN;
void server_close_all_sockets(struct nsd_socket sockets[], size_t n);
struct event_base* nsd_child_event_base(void);
/* extra domain numbers for temporary domains */
diff --git a/usr.sbin/nsd/nsec3.c b/usr.sbin/nsd/nsec3.c
index 5e66d40104b..f323b693107 100644
--- a/usr.sbin/nsd/nsec3.c
+++ b/usr.sbin/nsd/nsec3.c
@@ -88,14 +88,6 @@ void nsec3_zone_trees_create(struct region* region, zone_type* zone)
zone->dshashtree = rbtree_create(region, cmp_dshash_tree);
}
-void nsec3_hash_tree_clear(struct zone* zone)
-{
- hash_tree_clear(zone->nsec3tree);
- hash_tree_clear(zone->hashtree);
- hash_tree_clear(zone->wchashtree);
- hash_tree_clear(zone->dshashtree);
-}
-
static void
detect_nsec3_params(rr_type* nsec3_apex,
const unsigned char** salt, int* salt_len, int* iter)
@@ -675,6 +667,7 @@ prehash_zone_complete(struct namedb* db, struct zone* zone)
/* find zone settings */
assert(db && zone);
+ udbz.data = 0;
if(db->udb) {
if(!udb_zone_search(db->udb, &udbz, dname_name(domain_dname(
zone->apex)), domain_dname(zone->apex)->name_size)) {
@@ -685,11 +678,11 @@ prehash_zone_complete(struct namedb* db, struct zone* zone)
if(!zone->nsec3_param || !check_apex_soa(db, zone, 0)) {
zone->nsec3_param = NULL;
zone->nsec3_last = NULL;
- if(db->udb)
+ if(udbz.data)
udb_ptr_unlink(&udbz, db->udb);
return;
}
- if(db->udb)
+ if(udbz.data)
udb_ptr_unlink(&udbz, db->udb);
nsec3_precompile_newparam(db, zone);
}
diff --git a/usr.sbin/nsd/nsec3.h b/usr.sbin/nsd/nsec3.h
index c4283999144..43d0dfc944d 100644
--- a/usr.sbin/nsd/nsec3.h
+++ b/usr.sbin/nsd/nsec3.h
@@ -109,8 +109,6 @@ const struct dname* nsec3_b32_create(struct region* region, struct zone* zone,
unsigned char* hash);
/* create trees for nsec3 updates and lookups in zone */
void nsec3_zone_trees_create(struct region* region, struct zone* zone);
-/* clear trees for nsec3 in zone */
-void nsec3_hash_tree_clear(struct zone* zone);
/* lookup zone that contains domain's nsec3 trees */
struct zone* nsec3_tree_zone(struct namedb* db, struct domain* domain);
/* lookup zone that contains domain's ds tree */
diff --git a/usr.sbin/nsd/options.c b/usr.sbin/nsd/options.c
index eaca70890cb..d9028c7305d 100644
--- a/usr.sbin/nsd/options.c
+++ b/usr.sbin/nsd/options.c
@@ -78,7 +78,6 @@ nsd_options_create(region_type* region)
opt->port = UDP_PORT;
/* deprecated? opt->port = TCP_PORT; */
opt->reuseport = 0;
- opt->use_systemd = 0;
opt->statistics = 0;
opt->chroot = 0;
opt->username = USER;
diff --git a/usr.sbin/nsd/options.h b/usr.sbin/nsd/options.h
index 1fef3102813..3b1ad62b9db 100644
--- a/usr.sbin/nsd/options.h
+++ b/usr.sbin/nsd/options.h
@@ -96,7 +96,6 @@ struct nsd_options {
int minimal_responses;
int refuse_any;
int reuseport;
- int use_systemd;
/** remote control section. enable toggle. */
int control_enable;
diff --git a/usr.sbin/nsd/remote.c b/usr.sbin/nsd/remote.c
index a9d24b01180..e218ba4cc64 100644
--- a/usr.sbin/nsd/remote.c
+++ b/usr.sbin/nsd/remote.c
@@ -138,6 +138,8 @@ struct acceptlist {
struct acceptlist* next;
int event_added;
struct event c;
+ char* ident;
+ struct daemon_remote* rc;
};
/**
@@ -378,6 +380,7 @@ void daemon_remote_close(struct daemon_remote* rc)
if(h->event_added)
event_del(&h->c);
close(h->c.ev_fd);
+ free(h->ident);
free(h);
h = nh;
}
@@ -476,12 +479,13 @@ add_open(struct daemon_remote* rc, struct nsd_options* cfg, const char* ip,
struct addrinfo hints;
struct addrinfo* res;
struct acceptlist* hl;
- int noproto;
+ int noproto = 0;
int fd, r;
char port[15];
snprintf(port, sizeof(port), "%d", nr);
port[sizeof(port)-1]=0;
memset(&hints, 0, sizeof(hints));
+ assert(ip);
if(ip[0] == '/') {
/* This looks like a local socket */
@@ -539,6 +543,14 @@ add_open(struct daemon_remote* rc, struct nsd_options* cfg, const char* ip,
/* alloc */
hl = (struct acceptlist*)xalloc_zero(sizeof(*hl));
+ hl->rc = rc;
+ hl->ident = strdup(ip);
+ if(!hl->ident) {
+ log_msg(LOG_ERR, "malloc failure");
+ close(fd);
+ free(hl);
+ return 0;
+ }
hl->next = rc->accept_list;
rc->accept_list = hl;
@@ -582,7 +594,7 @@ daemon_remote_attach(struct daemon_remote* rc, struct xfrd_state* xfrd)
/* add event */
fd = p->c.ev_fd;
event_set(&p->c, fd, EV_PERSIST|EV_READ, remote_accept_callback,
- rc);
+ p);
if(event_base_set(xfrd->event_base, &p->c) != 0)
log_msg(LOG_ERR, "remote: cannot set event_base");
if(event_add(&p->c, NULL) != 0)
@@ -594,7 +606,8 @@ daemon_remote_attach(struct daemon_remote* rc, struct xfrd_state* xfrd)
static void
remote_accept_callback(int fd, short event, void* arg)
{
- struct daemon_remote *rc = (struct daemon_remote*)arg;
+ struct acceptlist *hl = (struct acceptlist*)arg;
+ struct daemon_remote *rc = hl->rc;
#ifdef INET6
struct sockaddr_storage addr;
#else
@@ -672,9 +685,13 @@ remote_accept_callback(int fd, short event, void* arg)
n->event_added = 1;
if(2 <= verbosity) {
- char s[128];
- addr2str(&addr, s, sizeof(s));
- VERBOSITY(2, (LOG_INFO, "new control connection from %s", s));
+ if(hl->ident && hl->ident[0] == '/') {
+ VERBOSITY(2, (LOG_INFO, "new control connection from %s", hl->ident));
+ } else {
+ char s[128];
+ addr2str(&addr, s, sizeof(s));
+ VERBOSITY(2, (LOG_INFO, "new control connection from %s", s));
+ }
}
if(rc->ctx) {
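Review bot: For a local socket the new branch logs `hl->ident`, which is the path the daemon listens on, so every control connection on that socket produces the same "from" value and the log line does not distinguish clients. If these lines are meant as an audit trail for the control channel, the peer's uid/gid (for example via `getpeereid()` where the platform provides it) would be the informative value to record next to the path. remote_accept_callback continues outside the hunk.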
@@ -2374,7 +2391,6 @@ err:
return -1;
#else
- (void)use_systemd;
(void)path;
log_msg(LOG_ERR, "Local sockets are not supported");
*noproto = 1;
diff --git a/usr.sbin/nsd/server.c b/usr.sbin/nsd/server.c
index 637442c494a..af2f60f243a 100644
--- a/usr.sbin/nsd/server.c
+++ b/usr.sbin/nsd/server.c
@@ -2026,7 +2026,7 @@ server_child(struct nsd *nsd)
server_close_all_sockets(nsd->udp, nsd->ifs);
}
- if (nsd->this_child && nsd->this_child->parent_fd != -1) {
+ if (nsd->this_child->parent_fd != -1) {
struct event *handler;
struct ipc_handler_conn_data* user_data =
(struct ipc_handler_conn_data*)region_alloc(
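Review bot: With the `nsd->this_child &&` test removed, `nsd->this_child->parent_fd` is dereferenced unconditionally, and nothing in this hunk shows where `this_child` is established as non-NULL in server_child (the function starts outside the hunk). If the guard was dropped because earlier code already dereferences the pointer, stating that invariant once, e.g. `assert(nsd->this_child);` near the top of the function, would document it and catch a violation in debug builds.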
diff --git a/usr.sbin/nsd/util.c b/usr.sbin/nsd/util.c
index 458f0946643..1d59470f2c3 100644
--- a/usr.sbin/nsd/util.c
+++ b/usr.sbin/nsd/util.c
@@ -1085,3 +1085,38 @@ addr2str(
str, len))
strlcpy(str, "[unknown ip4, inet_ntop failed]", len);
}
+
+void
+append_trailing_slash(const char** dirname, region_type* region)
+{
+ int l = strlen(*dirname);
+ if (l>0 && (*dirname)[l-1] != '/' && l < 0xffffff) {
+ char *dirname_slash = region_alloc(region, l+2);
+ memcpy(dirname_slash, *dirname, l+1);
+ strlcat(dirname_slash, "/", l+2);
+ /* old dirname is leaked, this is only used for chroot, once */
+ *dirname = dirname_slash;
+ }
+}
+
+int
+file_inside_chroot(const char* fname, const char* chr)
+{
+ /* true if filename starts with chroot or is not absolute */
+ return ((fname && fname[0] && strncmp(fname, chr, strlen(chr)) == 0) ||
+ (fname && fname[0] != '/'));
+}
+
+/*
+ * Something went wrong, give error messages and exit.
+ */
+void
+error(const char *format, ...)
+{
+ va_list args;
+ va_start(args, format);
+ log_vmsg(LOG_ERR, format, args);
+ va_end(args);
+ exit(1);
+}
+
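Review bot: `file_inside_chroot` is a plain prefix test (`strncmp(fname, chr, strlen(chr))`), so it is only correct when `chr` ends in `/`; with a constructed example chr of `/var/nsd` it would accept `/var/nsd-old/x`. It also treats every relative name, including ones containing `..`, as inside. Now that it is exported from util.h, the declaration's comment should state that contract, e.g. `/** true if filename starts with chroot or is not absolute; chr must be non-NULL and end in '/' (see append_trailing_slash); ".." is not resolved */`. In `append_trailing_slash`, `int l = strlen(*dirname);` narrows a size_t; `size_t l` with the same `l < 0xffffff` bound is the safer spelling.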
diff --git a/usr.sbin/nsd/util.h b/usr.sbin/nsd/util.h
index 5f00911d0a1..3cca1f2ead8 100644
--- a/usr.sbin/nsd/util.h
+++ b/usr.sbin/nsd/util.h
@@ -410,4 +410,14 @@ void addr2str(
#endif
, char* str, size_t len);
+/** copy dirname string and append slash. Previous dirname is leaked,
+ * but it is to be used once, at startup, for chroot */
+void append_trailing_slash(const char** dirname, struct region* region);
+
+/** true if filename starts with chroot or is not absolute */
+int file_inside_chroot(const char* fname, const char* chr);
+
+/** Something went wrong, give error messages and exit. */
+void error(const char *format, ...) ATTR_FORMAT(printf, 1, 2) ATTR_NORETURN;
+
#endif /* _UTIL_H_ */
diff --git a/usr.sbin/nsd/xfrd.c b/usr.sbin/nsd/xfrd.c
index 4dc87a8074d..a23001fbc5f 100644
--- a/usr.sbin/nsd/xfrd.c
+++ b/usr.sbin/nsd/xfrd.c
@@ -227,8 +227,7 @@ xfrd_init(int socket, struct nsd* nsd, int shortsoa, int reload_active,
DEBUG(DEBUG_XFRD,1, (LOG_INFO, "xfrd startup"));
#ifdef HAVE_SYSTEMD
- if(xfrd->nsd->options->use_systemd)
- sd_notify(0, "READY=1");
+ sd_notify(0, "READY=1");
#endif
xfrd_main();
}
@@ -333,8 +332,7 @@ xfrd_shutdown()
DEBUG(DEBUG_XFRD,1, (LOG_INFO, "xfrd shutdown"));
#ifdef HAVE_SYSTEMD
- if(xfrd->nsd->options->use_systemd)
- sd_notify(0, "STOPPING=1");
+ sd_notify(0, "STOPPING=1");
#endif
event_del(&xfrd->ipc_handler);
close(xfrd->ipc_handler.ev_fd); /* notifies parent we stop */
@@ -2516,16 +2514,14 @@ void xfrd_process_task_result(xfrd_state_type* xfrd, struct udb_base* taskudb)
* the taskudbs are swapped */
task_clear(taskudb);
#ifdef HAVE_SYSTEMD
- if(xfrd->nsd->options->use_systemd)
- sd_notify(0, "READY=1");
+ sd_notify(0, "READY=1");
#endif
}
void xfrd_set_reload_now(xfrd_state_type* xfrd)
{
#ifdef HAVE_SYSTEMD
- if(xfrd->nsd->options->use_systemd)
- sd_notify(0, "RELOADING=1");
+ sd_notify(0, "RELOADING=1");
#endif
xfrd->need_to_send_reload = 1;
if(!(xfrd->ipc_handler_flags&EV_WRITE)) {
diff --git a/usr.sbin/nsd/zparser.y b/usr.sbin/nsd/zparser.y
index 5f7da86dd5d..c301c9eda78 100644
--- a/usr.sbin/nsd/zparser.y
+++ b/usr.sbin/nsd/zparser.y
@@ -983,8 +983,10 @@ rdata_ipsec_base: STR sp STR sp STR sp dotted_str
/* convert and insert the dname */
if(strlen($7.str) == 0)
zc_error_prev_line("IPSECKEY must specify gateway name");
- if(!(name = dname_parse(parser->region, $7.str)))
+ if(!(name = dname_parse(parser->region, $7.str))) {
zc_error_prev_line("IPSECKEY bad gateway dname %s", $7.str);
+ break;
+ }
if($7.str[strlen($7.str)-1] != '.') {
if(parser->origin == error_domain) {
zc_error("cannot concatenate origin to domain name, because origin failed to parse");
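Review bot: The empty-gateway check just above the fixed line still only reports an error and falls through. The later `$7.str[strlen($7.str)-1]` is therefore reached with a zero-length string whenever `dname_parse` accepts it, reading one byte before the buffer; whether `dname_parse` rejects an empty string is not visible here. Giving the first check the same treatment removes that dependency: `if(strlen($7.str) == 0) { zc_error_prev_line("IPSECKEY must specify gateway name"); break; }`. The rule's action continues outside the hunk.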