diff options
| author | Doug Barton <dougb@FreeBSD.org> | 2011-08-02 07:40:29 +0000 |
|---|---|---|
| committer | Doug Barton <dougb@FreeBSD.org> | 2011-08-02 07:40:29 +0000 |
| commit | 92ca6d96a96522bb1e8e222f02352a8b98d9203b (patch) | |
| tree | bcab1b6e0db4d240584439eef7fd10b076cded30 /lib/dns | |
| parent | d2b93373b258059aa9768088e51b34573accbb40 (diff) | |
Notes
Diffstat (limited to 'lib/dns')
| -rw-r--r-- | lib/dns/api | 2 | ||||
| -rw-r--r-- | lib/dns/dispatch.c | 7 | ||||
| -rw-r--r-- | lib/dns/include/dns/masterdump.h | 22 | ||||
| -rw-r--r-- | lib/dns/include/dns/rdataset.h | 9 | ||||
| -rw-r--r-- | lib/dns/masterdump.c | 53 | ||||
| -rw-r--r-- | lib/dns/message.c | 12 | ||||
| -rw-r--r-- | lib/dns/ncache.c | 15 | ||||
| -rw-r--r-- | lib/dns/rbtdb.c | 28 | ||||
| -rw-r--r-- | lib/dns/rdata.c | 9 | ||||
| -rw-r--r-- | lib/dns/rdata/generic/ipseckey_45.c | 10 | ||||
| -rw-r--r-- | lib/dns/rdata/generic/nsec_47.c | 12 | ||||
| -rw-r--r-- | lib/dns/rdata/generic/rrsig_46.c | 12 | ||||
| -rw-r--r-- | lib/dns/rdataset.c | 6 | ||||
| -rw-r--r-- | lib/dns/resolver.c | 36 | ||||
| -rw-r--r-- | lib/dns/time.c | 46 | ||||
| -rw-r--r-- | lib/dns/validator.c | 94 | ||||
| -rw-r--r-- | lib/dns/xfrin.c | 54 | ||||
| -rw-r--r-- | lib/dns/zone.c | 6 |
18 files changed, 269 insertions, 164 deletions
diff --git a/lib/dns/api b/lib/dns/api index d74a54733a3ee..c12a93c0443f6 100644 --- a/lib/dns/api +++ b/lib/dns/api @@ -1,3 +1,3 @@ LIBINTERFACE = 39 -LIBREVISION = 3 +LIBREVISION = 4 LIBAGE = 1 diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index 2ebca6ac38c2f..1e60033cd7d06 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.116.18.42 2009-12-02 23:36:35 marka Exp $ */ +/* $Id: dispatch.c,v 1.116.18.44 2011-04-06 23:45:16 tbox Exp $ */ /*! \file */ @@ -769,7 +769,8 @@ get_dispsocket(dns_dispatch_t *disp, isc_sockaddr_t *dest, continue; result = open_socket(sockmgr, &localaddr, 0, &sock); - if (result == ISC_R_SUCCESS || result != ISC_R_ADDRINUSE) + if (result == ISC_R_SUCCESS || + (result != ISC_R_ADDRINUSE && result != ISC_R_NOPERM)) break; } diff --git a/lib/dns/include/dns/masterdump.h b/lib/dns/include/dns/masterdump.h index 55a7ea5117217..bb7230774f50d 100644 --- a/lib/dns/include/dns/masterdump.h +++ b/lib/dns/include/dns/masterdump.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.h,v 1.31.14.4 2005-09-01 03:04:28 marka Exp $ */ +/* $Id: masterdump.h,v 1.31.14.7 2011-05-27 23:49:08 tbox Exp $ */ #ifndef DNS_MASTERDUMP_H #define DNS_MASTERDUMP_H 1 @@ -93,9 +93,9 @@ typedef struct dns_master_style dns_master_style_t; /*% Never print the TTL */ #define DNS_STYLEFLAG_NO_TTL 0x01000000U - + /*% Never print the CLASS */ -#define DNS_STYLEFLAG_NO_CLASS 0x02000000U +#define DNS_STYLEFLAG_NO_CLASS 0x02000000U ISC_LANG_BEGINDECLS @@ -119,8 +119,8 @@ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_default; LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_full; /*% - * A master file style that prints explicit TTL values on each - * record line, never using $TTL statements. The TTL has a tab + * A master file style that prints explicit TTL values on each + * record line, never using $TTL statements. The TTL has a tab * stop of its own, but the class and type share one. */ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t @@ -133,9 +133,9 @@ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_cache; /*% - * A master style that prints name, ttl, class, type, and value on - * every line. Similar to explicitttl above, but more verbose. - * Intended for generating master files which can be easily parsed + * A master style that prints name, ttl, class, type, and value on + * every line. Similar to explicitttl above, but more verbose. + * Intended for generating master files which can be easily parsed * by perl scripts and similar applications. */ LIBDNS_EXTERNAL_DATA extern const dns_master_style_t dns_master_style_simple; @@ -231,7 +231,7 @@ dns_master_dumptostream2(isc_mem_t *mctx, dns_db_t *db, *\li 'task' to be valid. *\li 'done' to be non NULL. *\li 'dctxp' to be non NULL && '*dctxp' to be NULL. - * + * * Returns: *\li ISC_R_SUCCESS *\li ISC_R_CONTINUE dns_master_dumptostreaminc() only. diff --git a/lib/dns/include/dns/rdataset.h b/lib/dns/include/dns/rdataset.h index 1aaf4751e6744..f438705c2e455 100644 --- a/lib/dns/include/dns/rdataset.h +++ b/lib/dns/include/dns/rdataset.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2006, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006, 2009-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataset.h,v 1.51.18.11.10.1 2011-05-26 23:56:27 each Exp $ */ +/* $Id: rdataset.h,v 1.51.18.14 2011-06-09 00:42:48 each Exp $ */ #ifndef DNS_RDATASET_H #define DNS_RDATASET_H 1 @@ -187,6 +187,7 @@ struct dns_rdataset { #define DNS_RDATASETATTR_CHECKNAMES 0x00008000 /*%< Used by resolver. */ #define DNS_RDATASETATTR_REQUIREDGLUE 0x00010000 #define DNS_RDATASETATTR_LOADORDER 0x00020000 +#define DNS_RDATASETATTR_NEGATIVE 0x00200000 /*% * _OMITDNSSEC: @@ -611,8 +612,8 @@ dns_rdataset_expire(dns_rdataset_t *rdataset); const char * dns_trust_totext(dns_trust_t trust); /* - * * Display trust in textual form. - * */ + * Display trust in textual form. + */ ISC_LANG_ENDDECLS diff --git a/lib/dns/masterdump.c b/lib/dns/masterdump.c index af1b9dc0d318f..563c3c77698c8 100644 --- a/lib/dns/masterdump.c +++ b/lib/dns/masterdump.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2006, 2008, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006, 2008, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.c,v 1.73.18.19 2009-11-25 04:50:24 marka Exp $ */ +/* $Id: masterdump.c,v 1.73.18.23 2011-06-09 00:42:47 each Exp $ */ /*! \file */ @@ -355,6 +355,7 @@ rdataset_totext(dns_rdataset_t *rdataset, isc_uint32_t current_ttl; isc_boolean_t current_ttl_valid; dns_rdatatype_t type; + unsigned int type_start; REQUIRE(DNS_RDATASET_VALID(rdataset)); @@ -436,29 +437,26 @@ rdataset_totext(dns_rdataset_t *rdataset, * Type. */ - if (rdataset->type == 0) { + if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) { type = rdataset->covers; } else { type = rdataset->type; } - { - unsigned int type_start; - INDENT_TO(type_column); - type_start = target->used; - if (rdataset->type == 0) - RETERR(str_totext("\\-", target)); - result = dns_rdatatype_totext(type, target); - if (result != ISC_R_SUCCESS) - return (result); - column += (target->used - type_start); - } + INDENT_TO(type_column); + type_start = target->used; + if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) + RETERR(str_totext("\\-", target)); + result = dns_rdatatype_totext(type, target); + if (result != ISC_R_SUCCESS) + return (result); + column += (target->used - type_start); /* * Rdata. */ INDENT_TO(rdata_column); - if (rdataset->type == 0) { + if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) { if (NXDOMAIN(rdataset)) RETERR(str_totext(";-$NXDOMAIN\n", target)); else @@ -772,19 +770,6 @@ dump_order_compare(const void *a, const void *b) { #define MAXSORT 64 -static const char *trustnames[] = { - "none", - "pending-additional", - "pending-answer", - "additional", - "glue", - "answer", - "authauthority", - "authanswer", - "secure", - "local" /* aka ultimate */ -}; - static isc_result_t dump_rdatasets_text(isc_mem_t *mctx, dns_name_t *name, dns_rdatasetiter_t *rdsiter, dns_totext_ctx_t *ctx, @@ -823,13 +808,9 @@ dump_rdatasets_text(isc_mem_t *mctx, dns_name_t *name, for (i = 0; i < n; i++) { dns_rdataset_t *rds = sorted[i]; - if (ctx->style.flags & DNS_STYLEFLAG_TRUST) { - unsigned int trust = rds->trust; - INSIST(trust < (sizeof(trustnames) / - sizeof(trustnames[0]))); - fprintf(f, "; %s\n", trustnames[trust]); - } - if (rds->type == 0 && + if (ctx->style.flags & DNS_STYLEFLAG_TRUST) + fprintf(f, "; %s\n", dns_trust_totext(rds->trust)); + if (((rds->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) && (ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) { /* Omit negative cache entries */ } else { @@ -985,7 +966,7 @@ dump_rdatasets_raw(isc_mem_t *mctx, dns_name_t *name, dns_rdataset_init(&rdataset); dns_rdatasetiter_current(rdsiter, &rdataset); - if (rdataset.type == 0 && + if (((rdataset.attributes & DNS_RDATASETATTR_NEGATIVE) != 0) && (ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) { /* Omit negative cache entries */ } else { diff --git a/lib/dns/message.c b/lib/dns/message.c index 409e8cfe222a7..3a0f52cdace2f 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: message.c,v 1.222.18.18 2009-01-19 23:46:15 tbox Exp $ */ +/* $Id: message.c,v 1.222.18.20 2011-06-09 07:12:57 tbox Exp $ */ /*! \file */ @@ -2437,7 +2437,7 @@ dns_message_peekheader(isc_buffer_t *source, dns_messageid_t *idp, isc_result_t dns_message_reply(dns_message_t *msg, isc_boolean_t want_question_section) { - unsigned int first_section; + unsigned int clear_after; isc_result_t result; REQUIRE(DNS_MESSAGE_VALID(msg)); @@ -2451,11 +2451,11 @@ dns_message_reply(dns_message_t *msg, isc_boolean_t want_question_section) { if (want_question_section) { if (!msg->question_ok) return (DNS_R_FORMERR); - first_section = DNS_SECTION_ANSWER; + clear_after = DNS_SECTION_ANSWER; } else - first_section = DNS_SECTION_QUESTION; + clear_after = DNS_SECTION_QUESTION; msg->from_to_wire = DNS_MESSAGE_INTENTRENDER; - msgresetnames(msg, first_section); + msgresetnames(msg, clear_after); msgresetopt(msg); msgresetsigs(msg, ISC_TRUE); msginitprivate(msg); diff --git a/lib/dns/ncache.c b/lib/dns/ncache.c index 2e8776e5c0bea..1fd14bb71365a 100644 --- a/lib/dns/ncache.c +++ b/lib/dns/ncache.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.c,v 1.36.18.8.10.1 2011-05-26 23:56:27 each Exp $ */ +/* $Id: ncache.c,v 1.36.18.12 2011-06-09 00:42:47 each Exp $ */ /*! \file */ @@ -180,7 +180,7 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, isc_buffer_putuint16(&buffer, rdataset->type); isc_buffer_putuint8(&buffer, - rdataset->trust); + (unsigned char)rdataset->trust); /* * Copy the rdataset into the buffer. */ @@ -257,7 +257,7 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, trust = dns_trust_authauthority; } else trust = dns_trust_additional; - isc_buffer_putuint8(&buffer, trust); /* trust */ + isc_buffer_putuint8(&buffer, (unsigned char)trust); /* trust */ isc_buffer_putuint16(&buffer, 0); /* count */ /* @@ -283,6 +283,7 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, RUNTIME_CHECK(dns_rdatalist_tordataset(&ncrdatalist, &ncrdataset) == ISC_R_SUCCESS); ncrdataset.trust = trust; + ncrdataset.attributes |= DNS_RDATASETATTR_NEGATIVE; if (message->rcode == dns_rcode_nxdomain) ncrdataset.attributes |= DNS_RDATASETATTR_NXDOMAIN; @@ -311,6 +312,7 @@ dns_ncache_towire(dns_rdataset_t *rdataset, dns_compress_t *cctx, REQUIRE(rdataset != NULL); REQUIRE(rdataset->type == 0); + REQUIRE((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); savedbuffer = *target; count = 0; @@ -503,7 +505,7 @@ static void rdataset_settrust(dns_rdataset_t *rdataset, dns_trust_t trust) { unsigned char *raw = rdataset->private3; - raw[-1] = trust; + raw[-1] = (unsigned char)trust; } static dns_rdatasetmethods_t rdataset_methods = { @@ -537,6 +539,7 @@ dns_ncache_getrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name, REQUIRE(ncacherdataset != NULL); REQUIRE(ncacherdataset->type == 0); + REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); REQUIRE(name != NULL); REQUIRE(!dns_rdataset_isassociated(rdataset)); REQUIRE(type != dns_rdatatype_rrsig); @@ -613,6 +616,7 @@ dns_ncache_getsigrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name, REQUIRE(ncacherdataset != NULL); REQUIRE(ncacherdataset->type == 0); + REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); REQUIRE(name != NULL); REQUIRE(!dns_rdataset_isassociated(rdataset)); @@ -712,6 +716,7 @@ dns_ncache_current(dns_rdataset_t *ncacherdataset, dns_name_t *found, REQUIRE(ncacherdataset != NULL); REQUIRE(ncacherdataset->type == 0); + REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0); REQUIRE(found != NULL); REQUIRE(!dns_rdataset_isassociated(rdataset)); diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c index 24130d31b08c6..8118fee7417f0 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.c,v 1.196.18.64 2010-11-17 10:21:01 marka Exp $ */ +/* $Id: rbtdb.c,v 1.196.18.67 2011-06-09 00:42:47 each Exp $ */ /*! \file */ @@ -244,6 +244,7 @@ typedef struct rdatasetheader { #define RDATASET_ATTR_IGNORE 0x0004 #define RDATASET_ATTR_RETAIN 0x0008 #define RDATASET_ATTR_NXDOMAIN 0x0010 +#define RDATASET_ATTR_NEGATIVE 0x0100 typedef struct acache_cbarg { dns_rdatasetadditional_t type; @@ -278,6 +279,8 @@ struct acachectl { (((header)->attributes & RDATASET_ATTR_RETAIN) != 0) #define NXDOMAIN(header) \ (((header)->attributes & RDATASET_ATTR_NXDOMAIN) != 0) +#define NEGATIVE(header) \ + (((header)->attributes & RDATASET_ATTR_NEGATIVE) != 0) #define DEFAULT_NODE_LOCK_COUNT 7 /*%< Should be prime. */ #define DEFAULT_CACHE_NODE_LOCK_COUNT 1009 /*%< Should be prime. */ @@ -1779,10 +1782,15 @@ zone_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { /* * Did we find anything? */ - if (dname_header != NULL) { + if (!IS_CACHE(search->rbtdb) && !IS_STUB(search->rbtdb) && + ns_header != NULL) { /* - * Note that DNAME has precedence over NS if both exist. + * Note that NS has precedence over DNAME if both exist + * in a zone. Otherwise DNAME take precedence over NS. */ + found = ns_header; + search->zonecut_sigrdataset = NULL; + } else if (dname_header != NULL) { found = dname_header; search->zonecut_sigrdataset = sigdname_header; } else if (ns_header != NULL) { @@ -1873,6 +1881,8 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdataset->covers = RBTDB_RDATATYPE_EXT(header->type); rdataset->ttl = header->ttl - now; rdataset->trust = header->trust; + if (NEGATIVE(header)) + rdataset->attributes |= DNS_RDATASETATTR_NEGATIVE; if (NXDOMAIN(header)) rdataset->attributes |= DNS_RDATASETATTR_NXDOMAIN; rdataset->private1 = rbtdb; @@ -3634,7 +3644,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, *nodep = node; } - if (RBTDB_RDATATYPE_BASE(found->type) == 0) { + if (NEGATIVE(found)) { /* * We found a negative cache entry. */ @@ -4258,7 +4268,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, if (found == NULL) return (ISC_R_NOTFOUND); - if (RBTDB_RDATATYPE_BASE(found->type) == 0) { + if (NEGATIVE(found)) { /* * We found a negative cache entry. */ @@ -4456,7 +4466,7 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion, negtype = 0; if (rbtversion == NULL && !newheader_nx) { rdtype = RBTDB_RDATATYPE_BASE(newheader->type); - if (rdtype == 0) { + if (NEGATIVE(newheader)) { /* * We're adding a negative cache entry. */ @@ -4884,6 +4894,8 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, now = 0; } else { newheader->serial = 1; + if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) + newheader->attributes |= RDATASET_ATTR_NEGATIVE; if ((rdataset->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0) newheader->attributes |= RDATASET_ATTR_NXDOMAIN; if ((rdataset->attributes & DNS_RDATASETATTR_NOQNAME) != 0) { @@ -5979,7 +5991,7 @@ rdatasetiter_next(dns_rdatasetiter_t *iterator) { type = header->type; rdtype = RBTDB_RDATATYPE_BASE(header->type); - if (rdtype == 0) { + if (NEGATIVE(header)) { covers = RBTDB_RDATATYPE_EXT(header->type); negtype = RBTDB_RDATATYPE_VALUE(covers, 0); } else diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c index 640af693394b9..8f78bf3549e0a 100644 --- a/lib/dns/rdata.c +++ b/lib/dns/rdata.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006, 2008, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdata.c,v 1.184.18.11 2008-12-12 23:46:04 tbox Exp $ */ +/* $Id: rdata.c,v 1.184.18.13 2011-01-13 04:47:41 tbox Exp $ */ /*! \file */ @@ -1128,6 +1128,11 @@ name_prefix(dns_name_t *name, dns_name_t *origin, dns_name_t *target) { if (l1 == l2) goto return_false; + /* Master files should be case preserving. */ + dns_name_getlabelsequence(name, l1 - l2, l2, target); + if (!dns_name_caseequal(origin, target)) + goto return_false; + dns_name_getlabelsequence(name, 0, l1 - l2, target); return (ISC_TRUE); diff --git a/lib/dns/rdata/generic/ipseckey_45.c b/lib/dns/rdata/generic/ipseckey_45.c index 2a98aafef6bda..9e9327fbc0d64 100644 --- a/lib/dns/rdata/generic/ipseckey_45.c +++ b/lib/dns/rdata/generic/ipseckey_45.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2005, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ipseckey_45.c,v 1.2.2.4 2009-09-18 21:57:08 jinmei Exp $ */ +/* $Id: ipseckey_45.c,v 1.2.2.6 2011-01-13 04:47:42 tbox Exp $ */ #ifndef RDATA_GENERIC_IPSECKEY_45_C #define RDATA_GENERIC_IPSECKEY_45_C @@ -120,8 +120,6 @@ static inline isc_result_t totext_ipseckey(ARGS_TOTEXT) { isc_region_t region; dns_name_t name; - dns_name_t prefix; - isc_boolean_t sub; char buf[sizeof("255 ")]; unsigned short num; unsigned short gateway; @@ -130,7 +128,6 @@ totext_ipseckey(ARGS_TOTEXT) { REQUIRE(rdata->length >= 3); dns_name_init(&name, NULL); - dns_name_init(&prefix, NULL); if (rdata->data[1] > 3U) return (ISC_R_NOTIMPLEMENTED); @@ -183,8 +180,7 @@ totext_ipseckey(ARGS_TOTEXT) { case 3: dns_name_fromregion(&name, ®ion); - sub = name_prefix(&name, tctx->origin, &prefix); - RETERR(dns_name_totext(&prefix, sub, target)); + RETERR(dns_name_totext(&name, ISC_FALSE, target)); isc_region_consume(®ion, name_length(&name)); break; } diff --git a/lib/dns/rdata/generic/nsec_47.c b/lib/dns/rdata/generic/nsec_47.c index 06e350e9af983..e7ec6f3d2c147 100644 --- a/lib/dns/rdata/generic/nsec_47.c +++ b/lib/dns/rdata/generic/nsec_47.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2008, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsec_47.c,v 1.7.20.2 2008-07-15 23:46:14 tbox Exp $ */ +/* $Id: nsec_47.c,v 1.7.20.4 2011-01-13 04:47:42 tbox Exp $ */ /* reviewed: Wed Mar 15 18:21:15 PST 2000 by brister */ @@ -88,20 +88,18 @@ totext_nsec(ARGS_TOTEXT) { isc_region_t sr; unsigned int i, j, k; dns_name_t name; - dns_name_t prefix; - isc_boolean_t sub; unsigned int window, len; REQUIRE(rdata->type == 47); REQUIRE(rdata->length != 0); + UNUSED(tctx); + dns_name_init(&name, NULL); - dns_name_init(&prefix, NULL); dns_rdata_toregion(rdata, &sr); dns_name_fromregion(&name, &sr); isc_region_consume(&sr, name_length(&name)); - sub = name_prefix(&name, tctx->origin, &prefix); - RETERR(dns_name_totext(&prefix, sub, target)); + RETERR(dns_name_totext(&name, ISC_FALSE, target)); for (i = 0; i < sr.length; i += len) { diff --git a/lib/dns/rdata/generic/rrsig_46.c b/lib/dns/rdata/generic/rrsig_46.c index d9fa89d71d088..11cbfda755a63 100644 --- a/lib/dns/rdata/generic/rrsig_46.c +++ b/lib/dns/rdata/generic/rrsig_46.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rrsig_46.c,v 1.5.18.3 2005-04-29 00:16:39 marka Exp $ */ +/* $Id: rrsig_46.c,v 1.5.18.5 2011-01-13 04:47:42 tbox Exp $ */ /* Reviewed: Fri Mar 17 09:05:02 PST 2000 by gson */ @@ -134,8 +134,6 @@ totext_rrsig(ARGS_TOTEXT) { unsigned long exp; unsigned long foot; dns_name_t name; - dns_name_t prefix; - isc_boolean_t sub; REQUIRE(rdata->type == 46); REQUIRE(rdata->length != 0); @@ -217,11 +215,9 @@ totext_rrsig(ARGS_TOTEXT) { * Signer. */ dns_name_init(&name, NULL); - dns_name_init(&prefix, NULL); dns_name_fromregion(&name, &sr); isc_region_consume(&sr, name_length(&name)); - sub = name_prefix(&name, tctx->origin, &prefix); - RETERR(dns_name_totext(&prefix, sub, target)); + RETERR(dns_name_totext(&name, ISC_FALSE, target)); /* * Sig. diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c index efcaeac603465..c40307e169e22 100644 --- a/lib/dns/rdataset.c +++ b/lib/dns/rdataset.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2006, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006, 2009-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataset.c,v 1.72.18.9.10.1 2011-05-26 23:56:27 each Exp $ */ +/* $Id: rdataset.c,v 1.72.18.12 2011-06-09 00:42:48 each Exp $ */ /*! \file */ @@ -342,7 +342,7 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, count = 1; result = dns_rdataset_first(rdataset); INSIST(result == ISC_R_NOMORE); - } else if (rdataset->type == 0) { + } else if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) { /* * This is a negative caching rdataset. */ diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index ba42540b7beba..129694ea79fc8 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.284.18.103 2010-06-23 23:45:21 tbox Exp $ */ +/* $Id: resolver.c,v 1.284.18.106 2011-06-09 00:42:48 each Exp $ */ /*! \file */ @@ -401,6 +401,7 @@ struct dns_resolver { FCTX_ADDRINFO_FORWARDER) != 0) #define NXDOMAIN(r) (((r)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0) +#define NEGATIVE(r) (((r)->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) #define dns_db_transfernode(a,b,c) do { (*c) = (*b); (*b) = NULL; } while (0) @@ -986,7 +987,7 @@ fctx_sendevents(fetchctx_t *fctx, isc_result_t result, int line) { * Negative results must be indicated in event->result. */ if (dns_rdataset_isassociated(event->rdataset) && - event->rdataset->type == dns_rdatatype_none) { + NEGATIVE(event->rdataset)) { INSIST(event->result == DNS_R_NCACHENXDOMAIN || event->result == DNS_R_NCACHENXRRSET); } @@ -3951,7 +3952,7 @@ validated(isc_task_t *task, isc_event_t *event) { if (result != ISC_R_SUCCESS && result != DNS_R_UNCHANGED) goto noanswer_response; - if (ardataset != NULL && ardataset->type == 0) { + if (ardataset != NULL && NEGATIVE(ardataset)) { if (NXDOMAIN(ardataset)) eresult = DNS_R_NCACHENXDOMAIN; else @@ -4272,7 +4273,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, result = ISC_R_SUCCESS; if (!need_validation && ardataset != NULL && - ardataset->type == 0) { + NEGATIVE(ardataset)) { /* * The answer in the cache is * better than the answer we @@ -4402,7 +4403,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, if (result == DNS_R_UNCHANGED) { if (ANSWER(rdataset) && ardataset != NULL && - ardataset->type == 0) { + NEGATIVE(ardataset)) { /* * The answer in the cache is better * than the answer we found, and is @@ -4432,7 +4433,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, * Negative results must be indicated in event->result. */ if (dns_rdataset_isassociated(event->rdataset) && - event->rdataset->type == dns_rdatatype_none) { + NEGATIVE(event->rdataset)) { INSIST(eresult == DNS_R_NCACHENXDOMAIN || eresult == DNS_R_NCACHENXRRSET); } @@ -4512,7 +4513,7 @@ ncache_adderesult(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, * care about whether it is DNS_R_NCACHENXDOMAIN or * DNS_R_NCACHENXRRSET then extract it. */ - if (ardataset->type == 0) { + if (NEGATIVE(ardataset)) { /* * The cache data is a negative cache entry. */ @@ -7075,6 +7076,13 @@ static inline isc_boolean_t fctx_match(fetchctx_t *fctx, dns_name_t *name, dns_rdatatype_t type, unsigned int options) { + /* + * Don't match fetch contexts that are shutting down. + */ + if (fctx->cloned || fctx->state == fetchstate_done || + ISC_LIST_EMPTY(fctx->events)) + return (ISC_FALSE); + if (fctx->type != type || fctx->options != options) return (ISC_FALSE); return (dns_name_equal(&fctx->name, name)); @@ -7209,17 +7217,7 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name, } } - /* - * If we didn't have a fetch, would attach to a done fetch, this - * fetch has already cloned its results, or if the fetch has gone - * "idle" (no one was interested in it), we need to start a new - * fetch instead of joining with the existing one. - */ - if (fctx == NULL || - fctx->state == fetchstate_done || - fctx->cloned || - ISC_LIST_EMPTY(fctx->events)) { - fctx = NULL; + if (fctx == NULL) { result = fctx_create(res, name, type, domain, nameservers, options, bucketnum, &fctx); if (result != ISC_R_SUCCESS) diff --git a/lib/dns/time.c b/lib/dns/time.c index f451623b4eda5..5c88e7cbe946f 100644 --- a/lib/dns/time.c +++ b/lib/dns/time.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: time.c,v 1.26.18.5 2009-01-19 23:46:15 tbox Exp $ */ +/* $Id: time.c,v 1.26.18.7 2011-03-09 23:45:15 tbox Exp $ */ /*! \file */ @@ -27,6 +27,7 @@ #include <isc/print.h> #include <isc/region.h> +#include <isc/serial.h> #include <isc/stdtime.h> #include <isc/util.h> @@ -43,13 +44,21 @@ dns_time64_totext(isc_int64_t t, isc_buffer_t *target) { unsigned int l; isc_region_t region; - REQUIRE(t >= 0); - +/* + * Warning. Do NOT use arguments with side effects with these macros. + */ #define is_leap(y) ((((y) % 4) == 0 && ((y) % 100) != 0) || ((y) % 400) == 0) #define year_secs(y) ((is_leap(y) ? 366 : 365 ) * 86400) #define month_secs(m,y) ((days[m] + ((m == 1 && is_leap(y)) ? 1 : 0 )) * 86400) tm.tm_year = 70; + while (t < 0) { + if (tm.tm_year == 0) + return (ISC_R_RANGE); + tm.tm_year--; + secs = year_secs(tm.tm_year + 1900); + t += secs; + } while ((secs = year_secs(tm.tm_year + 1900)) <= t) { t -= secs; tm.tm_year++; @@ -97,7 +106,6 @@ isc_result_t dns_time32_totext(isc_uint32_t value, isc_buffer_t *target) { isc_stdtime_t now; isc_int64_t start; - isc_int64_t base; isc_int64_t t; /* @@ -108,12 +116,10 @@ dns_time32_totext(isc_uint32_t value, isc_buffer_t *target) { */ isc_stdtime_get(&now); start = (isc_int64_t) now; - start -= 0x7fffffff; - base = 0; - while ((t = (base + value)) < start) { - base += 0x80000000; - base += 0x80000000; - } + if (isc_serial_gt(value, now)) + t = start + (value - now); + else + t = start - (now - value); return (dns_time64_totext(t, target)); } @@ -136,7 +142,7 @@ dns_time64_fromtext(const char *source, isc_int64_t *target) { &year, &month, &day, &hour, &minute, &second) != 6) return (DNS_R_SYNTAX); - RANGE(1970, 9999, year); + RANGE(0, 9999, year); RANGE(1, 12, month); RANGE(1, days[month - 1] + ((month == 2 && is_leap(year)) ? 1 : 0), day); @@ -145,16 +151,24 @@ dns_time64_fromtext(const char *source, isc_int64_t *target) { RANGE(0, 60, second); /* 60 == leap second. */ /* - * Calculate seconds since epoch. + * Calculate seconds from epoch. + * Note: this uses a idealized calendar. */ value = second + (60 * minute) + (3600 * hour) + ((day - 1) * 86400); for (i = 0; i < (month - 1); i++) value += days[i] * 86400; if (is_leap(year) && month > 2) value += 86400; - for (i = 1970; i < year; i++) { - secs = (is_leap(i) ? 366 : 365) * 86400; - value += secs; + if (year < 1970) { + for (i = 1969; i >= year; i--) { + secs = (is_leap(i) ? 366 : 365) * 86400; + value -= secs; + } + } else { + for (i = 1970; i < year; i++) { + secs = (is_leap(i) ? 366 : 365) * 86400; + value += secs; + } } *target = value; diff --git a/lib/dns/validator.c b/lib/dns/validator.c index 5f3144860ae5d..ab24b071349d9 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.c,v 1.119.18.60.6.1 2011-05-26 23:56:27 each Exp $ */ +/* $Id: validator.c,v 1.119.18.64 2011-06-09 00:42:48 each Exp $ */ /*! \file */ @@ -121,6 +121,8 @@ #define SHUTDOWN(v) (((v)->attributes & VALATTR_SHUTDOWN) != 0) #define CANCELED(v) (((v)->attributes & VALATTR_CANCELED) != 0) +#define NEGATIVE(r) (((r)->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) + static void destroy(dns_validator_t *val); @@ -415,7 +417,8 @@ dsfetched(isc_task_t *task, isc_event_t *event) { result = validatezonekey(val); if (result != DNS_R_WAIT) validator_done(val, result); - } else if (eresult == DNS_R_NXRRSET || + } else if (eresult == DNS_R_CNAME || + eresult == DNS_R_NXRRSET || eresult == DNS_R_NCACHENXRRSET || eresult == DNS_R_SERVFAIL) /* RFC 1034 parent? */ { @@ -483,12 +486,16 @@ dsfetched2(isc_task_t *task, isc_event_t *event) { LOCK(&val->lock); if (CANCELED(val)) { validator_done(val, ISC_R_CANCELED); - } else if (eresult == DNS_R_NXRRSET || eresult == DNS_R_NCACHENXRRSET) { + } else if (eresult == DNS_R_CNAME || + eresult == DNS_R_NXRRSET || + eresult == DNS_R_NCACHENXRRSET) + { /* * There is no DS. If this is a delegation, we're done. */ tname = dns_fixedname_name(&devent->foundname); - if (isdelegation(tname, &val->frdataset, eresult)) { + if (eresult != DNS_R_CNAME && + isdelegation(tname, &val->frdataset, eresult)) { if (val->mustbesecure) { validator_log(val, ISC_LOG_WARNING, "must be secure failure"); @@ -644,7 +651,7 @@ dsvalidated(isc_task_t *task, isc_event_t *event) { name = dns_fixedname_name(&val->fname); if ((val->attributes & VALATTR_INSECURITY) != 0 && val->frdataset.covers == dns_rdatatype_ds && - val->frdataset.type == 0 && + NEGATIVE(&val->frdataset) && isdelegation(name, &val->frdataset, DNS_R_NCACHENXRRSET)) { if (val->mustbesecure) { validator_log(val, ISC_LOG_WARNING, @@ -681,6 +688,60 @@ dsvalidated(isc_task_t *task, isc_event_t *event) { } /*% + * Callback when the CNAME record has been validated. + * + * Resumes validation of the unsecure zone proof. + */ +static void +cnamevalidated(isc_task_t *task, isc_event_t *event) { + dns_validatorevent_t *devent; + dns_validator_t *val; + isc_boolean_t want_destroy; + isc_result_t result; + isc_result_t eresult; + + UNUSED(task); + INSIST(event->ev_type == DNS_EVENT_VALIDATORDONE); + + devent = (dns_validatorevent_t *)event; + val = devent->ev_arg; + eresult = devent->result; + + isc_event_free(&event); + dns_validator_destroy(&val->subvalidator); + + INSIST(val->event != NULL); + INSIST((val->attributes & VALATTR_INSECURITY) != 0); + + validator_log(val, ISC_LOG_DEBUG(3), "in cnamevalidated"); + LOCK(&val->lock); + if (CANCELED(val)) { + validator_done(val, ISC_R_CANCELED); + } else if (eresult == ISC_R_SUCCESS) { + validator_log(val, ISC_LOG_DEBUG(3), "cname with trust %s", + dns_trust_totext(val->frdataset.trust)); + result = proveunsecure(val, ISC_FALSE, ISC_TRUE); + if (result != DNS_R_WAIT) + validator_done(val, result); + } else { + if (eresult != DNS_R_BROKENCHAIN) { + if (dns_rdataset_isassociated(&val->frdataset)) + dns_rdataset_expire(&val->frdataset); + if (dns_rdataset_isassociated(&val->fsigrdataset)) + dns_rdataset_expire(&val->fsigrdataset); + } + validator_log(val, ISC_LOG_DEBUG(3), + "cnamevalidated: got %s", + isc_result_totext(eresult)); + validator_done(val, DNS_R_BROKENCHAIN); + } + want_destroy = exit_check(val); + UNLOCK(&val->lock); + if (want_destroy) + destroy(val); +} + +/*% * Return ISC_R_SUCCESS if we can determine that the name doesn't exist * or we can determine whether there is data or not at the name. * If the name does not exist return the wildcard name. @@ -1989,11 +2050,12 @@ validatezonekey(dns_validator_t *val) { if (result != ISC_R_SUCCESS) return (result); return (DNS_R_WAIT); - } else if (result == DNS_R_NCACHENXDOMAIN || + } else if (result == DNS_R_NCACHENXDOMAIN || result == DNS_R_NCACHENXRRSET || result == DNS_R_EMPTYNAME || result == DNS_R_NXDOMAIN || - result == DNS_R_NXRRSET) + result == DNS_R_NXRRSET || + result == DNS_R_CNAME) { /* * The DS does not exist. @@ -3094,6 +3156,20 @@ proveunsecure(dns_validator_t *val, isc_boolean_t have_ds, isc_boolean_t resume) return (startfinddlvsep(val, tname)); } continue; + } else if (result == DNS_R_CNAME) { + if (DNS_TRUST_PENDING(val->frdataset.trust) || + DNS_TRUST_ANSWER(val->frdataset.trust)) { + result = create_validator(val, tname, + dns_rdatatype_cname, + &val->frdataset, + NULL, cnamevalidated, + "proveunsecure " + "(cname)"); + if (result != ISC_R_SUCCESS) + goto out; + return (DNS_R_WAIT); + } + continue; } else if (result == ISC_R_SUCCESS) { /* * There is a DS here. Verify that it's secure and @@ -3313,7 +3389,7 @@ validator_start(isc_task_t *task, isc_event_t *event) { val->attributes |= VALATTR_NEEDNODATA; result = nsecvalidate(val, ISC_FALSE); } else if (val->event->rdataset != NULL && - val->event->rdataset->type == 0) + NEGATIVE(val->event->rdataset)) { /* * This is a nonexistence validation. diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index ccd6010f27627..6a4956f527b88 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrin.c,v 1.135.18.23 2008-09-25 04:15:52 marka Exp $ */ +/* $Id: xfrin.c,v 1.135.18.24 2011-07-22 06:24:01 marka Exp $ */ /*! \file */ @@ -83,8 +83,9 @@ typedef enum { XFRST_IXFR_DEL, XFRST_IXFR_ADDSOA, XFRST_IXFR_ADD, + XFRST_IXFR_END, XFRST_AXFR, - XFRST_END + XFRST_AXFR_END } xfrin_state_t; /*% @@ -198,6 +199,7 @@ static isc_result_t axfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op, dns_rdata_t *rdata); static isc_result_t axfr_apply(dns_xfrin_ctx_t *xfr); static isc_result_t axfr_commit(dns_xfrin_ctx_t *xfr); +static isc_result_t axfr_finalize(dns_xfrin_ctx_t *xfr); static isc_result_t ixfr_init(dns_xfrin_ctx_t *xfr); static isc_result_t ixfr_apply(dns_xfrin_ctx_t *xfr); @@ -313,6 +315,16 @@ axfr_commit(dns_xfrin_ctx_t *xfr) { CHECK(axfr_apply(xfr)); CHECK(dns_db_endload(xfr->db, &xfr->axfr.add_private)); + + result = ISC_R_SUCCESS; + failure: + return (result); +} + +static isc_result_t +axfr_finalize(dns_xfrin_ctx_t *xfr) { + isc_result_t result; + CHECK(dns_zone_replacedb(xfr->zone, xfr->db, ISC_TRUE)); result = ISC_R_SUCCESS; @@ -534,7 +546,7 @@ xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name, isc_uint32_t ttl, isc_uint32_t soa_serial = dns_soa_getserial(rdata); if (soa_serial == xfr->end_serial) { CHECK(ixfr_commit(xfr)); - xfr->state = XFRST_END; + xfr->state = XFRST_IXFR_END; break; } else if (soa_serial != xfr->ixfr.current_serial) { xfrin_log(xfr, ISC_LOG_ERROR, @@ -565,11 +577,12 @@ xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name, isc_uint32_t ttl, CHECK(axfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata)); if (rdata->type == dns_rdatatype_soa) { CHECK(axfr_commit(xfr)); - xfr->state = XFRST_END; + xfr->state = XFRST_AXFR_END; break; } break; - case XFRST_END: + case XFRST_AXFR_END: + case XFRST_IXFR_END: FAIL(DNS_R_EXTRADATA); default: INSIST(0); @@ -908,8 +921,7 @@ static void xfrin_connect_done(isc_task_t *task, isc_event_t *event) { isc_socket_connev_t *cev = (isc_socket_connev_t *) event; dns_xfrin_ctx_t *xfr = (dns_xfrin_ctx_t *) event->ev_arg; - isc_result_t evresult = cev->result; - isc_result_t result; + isc_result_t result = cev->result; char sourcetext[ISC_SOCKADDR_FORMATSIZE]; isc_sockaddr_t sockaddr; @@ -926,7 +938,9 @@ xfrin_connect_done(isc_task_t *task, isc_event_t *event) { return; } - CHECK(evresult); + if (result != ISC_R_SUCCESS) + goto failure; + result = isc_socket_getsockname(xfr->socket, &sockaddr); if (result == ISC_R_SUCCESS) { isc_sockaddr_format(&sockaddr, sourcetext, sizeof(sourcetext)); @@ -1210,7 +1224,7 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { result = DNS_R_UNEXPECTEDID; if (xfr->reqtype == dns_rdatatype_axfr || xfr->reqtype == dns_rdatatype_soa) - FAIL(result); + goto failure; xfrin_log(xfr, ISC_LOG_DEBUG(3), "got %s, retrying with AXFR", isc_result_totext(result)); try_axfr: @@ -1246,7 +1260,7 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { if (result != ISC_R_SUCCESS) { xfrin_log(xfr, ISC_LOG_DEBUG(3), "TSIG check failed: %s", isc_result_totext(result)); - FAIL(result); + goto failure; } for (result = dns_message_firstname(msg, DNS_SECTION_ANSWER); @@ -1294,8 +1308,9 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { } else if (dns_message_gettsigkey(msg) != NULL) { xfr->sincetsig++; - if (xfr->sincetsig > 100 || - xfr->nmsg == 0 || xfr->state == XFRST_END) + if (xfr->sincetsig > 100 || xfr->nmsg == 0 || + xfr->state == XFRST_AXFR_END || + xfr->state == XFRST_IXFR_END) { result = DNS_R_EXPECTEDTSIG; goto failure; @@ -1316,16 +1331,22 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { dns_message_destroy(&msg); - if (xfr->state == XFRST_GOTSOA) { + switch (xfr->state) { + case XFRST_GOTSOA: xfr->reqtype = dns_rdatatype_axfr; xfr->state = XFRST_INITIALSOA; CHECK(xfrin_send_request(xfr)); - } else if (xfr->state == XFRST_END) { + break; + case XFRST_AXFR_END: + CHECK(axfr_finalize(xfr)); + /* FALLTHROUGH */ + case XFRST_IXFR_END: /* * Close the journal. */ if (xfr->ixfr.journal != NULL) dns_journal_destroy(&xfr->ixfr.journal); + /* * Inform the caller we succeeded. */ @@ -1339,7 +1360,8 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { */ xfr->shuttingdown = ISC_TRUE; maybe_free(xfr); - } else { + break; + default: /* * Read the next message. */ diff --git a/lib/dns/zone.c b/lib/dns/zone.c index c7f365508cca6..303bb8ba45e91 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.c,v 1.410.18.61 2009-09-24 21:38:52 jinmei Exp $ */ +/* $Id: zone.c,v 1.410.18.63 2011-04-11 23:45:26 tbox Exp $ */ /*! \file */ @@ -3140,7 +3140,7 @@ dns_zone_refresh(dns_zone_t *zone) { isc_interval_set(&i, isc_random_jitter(zone->retry, zone->retry / 4), 0); result = isc_time_nowplusinterval(&zone->refreshtime, &i); - if (result |= ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) dns_zone_log(zone, ISC_LOG_WARNING, "isc_time_nowplusinterval() failed: %s", dns_result_totext(result)); |