1 files changed, 161 insertions, 57 deletions
diff --git a/contrib/bind/include/arpa/nameser.h b/contrib/bind/include/arpa/nameser.h
index 8d0faf511f5bb..c61f8b71b909d 100644
--- a/contrib/bind/include/arpa/nameser.h
+++ b/contrib/bind/include/arpa/nameser.h
@@ -32,7 +32,7 @@
  */
 
 /*
- * Copyright (c) 1996 by Internet Software Consortium.
+ * Copyright (c) 1996-1999 by Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -49,7 +49,7 @@
  */
 
 /*
- *	$Id: nameser.h,v 8.16 1998/02/06 00:35:58 halley Exp $
+ *	$Id: nameser.h,v 8.36 1999/10/15 19:49:08 vixie Exp $
  */
 
 #ifndef _ARPA_NAMESER_H_
@@ -66,15 +66,14 @@
 #include <sys/cdefs.h>
 
 /*
- * revision information.  this is the release date in YYYYMMDD format.
- * it can change every day so the right thing to do with it is use it
- * in preprocessor commands such as "#if (__NAMESER > 19931104)".  do not
- * compare for equality; rather, use it to determine whether your libnameser.a
- * is new enough to contain a certain feature.
+ * Revision information.  This is the release date in YYYYMMDD format.
+ * It can change every day so the right thing to do with it is use it
+ * in preprocessor commands such as "#if (__NAMESER > 19931104)".  Do not
+ * compare for equality; rather, use it to determine whether your libbind.a
+ * contains a new enough lib/nameser/ to support the feature you need.
  */
 
-/* XXXRTH I made this bigger than __BIND in 4.9.5 T6B */
-#define __NAMESER	19961001	/* New interface version stamp. */
+#define __NAMESER	19991006	/* New interface version stamp. */
 
 /*
  * Define constants based on RFC 883, RFC 1034, RFC 1035
@@ -142,18 +141,18 @@ extern struct _ns_flagdata _ns_flagdata[];
  * This is a parsed record.  It is caller allocated and has no dynamic data.
  */
 typedef	struct __ns_rr {
-	char		name[NS_MAXDNAME];	/* XXX need to malloc */
+	char		name[NS_MAXDNAME];
 	u_int16_t	type;
-	u_int16_t	class;
+	u_int16_t	rr_class;
 	u_int32_t	ttl;
 	u_int16_t	rdlength;
-	const u_char	*rdata;
+	const u_char *	rdata;
 } ns_rr;
 
 /* Accessor macros - this is part of the public interface. */
 #define ns_rr_name(rr)	(((rr).name[0] != '\0') ? (rr).name : ".")
-#define ns_rr_type(rr)	((rr).type + 0)
-#define ns_rr_class(rr)	((rr).class + 0)
+#define ns_rr_type(rr)	((ns_type)((rr).type + 0))
+#define ns_rr_class(rr)	((ns_class)((rr).rr_class + 0))
 #define ns_rr_ttl(rr)	((rr).ttl + 0)
 #define ns_rr_rdlen(rr)	((rr).rdlength + 0)
 #define ns_rr_rdata(rr)	((rr).rdata + 0)
@@ -206,7 +205,11 @@ typedef	enum __ns_rcode {
 	ns_r_nxrrset = 8,	/* RRset does not exist */
 	ns_r_notauth = 9,	/* Not authoritative for zone */
 	ns_r_notzone = 10,	/* Zone of record different from zone section */
-	ns_r_max = 11
+	ns_r_max = 11,
+	/* The following are TSIG extended errors */
+	ns_r_badsig = 16,
+	ns_r_badkey = 17,
+	ns_r_badtime = 18
 } ns_rcode;
 
 /* BIND_UPDATE */
@@ -217,31 +220,40 @@ typedef enum __ns_update_operation {
 } ns_update_operation;
 
 /*
- * This RR-like structure is particular to UPDATE.
+ * This structure is used for TSIG authenticated messages
  */
-struct ns_updrec {
-	struct ns_updrec *r_prev;	/* prev record */
-	struct ns_updrec *r_next;	/* next record */
-	u_int8_t	r_section;	/* ZONE/PREREQUISITE/UPDATE */
-	char *		r_dname;	/* owner of the RR */
-	u_int16_t	r_class;	/* class number */
-	u_int16_t	r_type;		/* type number */
-	u_int32_t	r_ttl;		/* time to live */
-	u_char *	r_data;		/* rdata fields as text string */
-	u_int16_t	r_size;		/* size of r_data field */
-	int		r_opcode;	/* type of operation */
-	/* following fields for private use by the resolver/server routines */
-	struct ns_updrec *r_grpnext;	/* next record when grouped */
-	struct databuf *r_dp;		/* databuf to process */
-	struct databuf *r_deldp;	/* databuf's deleted/overwritten */
-	u_int16_t	r_zone;		/* zone number on server */
+struct ns_tsig_key {
+        char name[NS_MAXDNAME], alg[NS_MAXDNAME];
+        unsigned char *data;
+        int len;
 };
-typedef struct ns_updrec ns_updrec;
+typedef struct ns_tsig_key ns_tsig_key;
+
+/*
+ * This structure is used for TSIG authenticated TCP messages
+ */
+struct ns_tcp_tsig_state {
+	int counter;
+	struct dst_key *key;
+	void *ctx;
+	unsigned char sig[NS_PACKETSZ];
+	int siglen;
+};
+typedef struct ns_tcp_tsig_state ns_tcp_tsig_state;
+
+#define NS_TSIG_FUDGE 300
+#define NS_TSIG_TCP_COUNT 100
+#define NS_TSIG_ALG_HMAC_MD5 "HMAC-MD5.SIG-ALG.REG.INT"
+
+#define NS_TSIG_ERROR_NO_TSIG -10
+#define NS_TSIG_ERROR_NO_SPACE -11
+#define NS_TSIG_ERROR_FORMERR -12
 
 /*
  * Currently defined type values for resources and queries.
  */
 typedef enum __ns_type {
+	ns_t_invalid = 0,	/* Cookie. */
 	ns_t_a = 1,		/* Host address. */
 	ns_t_ns = 2,		/* Authoritative server. */
 	ns_t_md = 3,		/* Mail destination. */
@@ -277,21 +289,40 @@ typedef enum __ns_type {
 	ns_t_srv = 33,		/* Server Selection. */
 	ns_t_atma = 34,		/* ATM Address */
 	ns_t_naptr = 35,	/* Naming Authority PoinTeR */
-	/* Query type values which do not appear in resource records. */
+	ns_t_kx = 36,		/* Key Exchange */
+	ns_t_cert = 37,		/* Certification record */
+	ns_t_a6 = 38,		/* IPv6 address (deprecates AAAA) */
+	ns_t_dname = 39,	/* Non-terminal DNAME (for IPv6) */
+	ns_t_sink = 40,		/* Kitchen sink (experimentatl) */
+	ns_t_opt = 41,		/* EDNS0 option (meta-RR) */
+	ns_t_tsig = 250,	/* Transaction signature. */
 	ns_t_ixfr = 251,	/* Incremental zone transfer. */
 	ns_t_axfr = 252,	/* Transfer zone of authority. */
 	ns_t_mailb = 253,	/* Transfer mailbox records. */
 	ns_t_maila = 254,	/* Transfer mail agent records. */
 	ns_t_any = 255,		/* Wildcard match. */
+	ns_t_zxfr = 256,	/* BIND-specific, nonstandard. */
 	ns_t_max = 65536
 } ns_type;
 
+/* Exclusively a QTYPE? (not also an RTYPE) */
+#define	ns_t_qt_p(t) (ns_t_xfr_p(t) || (t) == ns_t_any || \
+		      (t) == ns_t_mailb || (t) == ns_t_maila)
+/* Some kind of meta-RR? (not a QTYPE, but also not an RTYPE) */
+#define	ns_t_mrr_p(t) ((t) == ns_t_tsig || (t) == ns_t_opt)
+/* Exclusively an RTYPE? (not also a QTYPE or a meta-RR) */
+#define ns_t_rr_p(t) (!ns_t_qt_p(t) && !ns_t_mrr_p(t))
+#define ns_t_udp_p(t) ((t) != ns_t_axfr && (t) != ns_t_zxfr)
+#define ns_t_xfr_p(t) ((t) == ns_t_axfr || (t) == ns_t_ixfr || \
+		       (t) == ns_t_zxfr)
+
 /*
  * Values for class field
  */
 typedef enum __ns_class {
+	ns_c_invalid = 0,	/* Cookie. */
 	ns_c_in = 1,		/* Internet. */
-				/* Class 2 unallocated/unsupported. */
+	ns_c_2 = 2,		/* unallocated/unsupported. */
 	ns_c_chaos = 3,		/* MIT Chaos-net. */
 	ns_c_hs = 4,		/* MIT Hesiod. */
 	/* Query class values which do not appear in resource records */
@@ -300,9 +331,24 @@ typedef enum __ns_class {
 	ns_c_max = 65536
 } ns_class;
 
-/*
- * Flags field of the KEY RR rdata
- */
+/* DNSSEC constants. */
+
+typedef enum __ns_key_types {
+	ns_kt_rsa = 1,		/* key type RSA/MD5 */
+	ns_kt_dh  = 2,		/* Diffie Hellman */
+	ns_kt_dsa = 3,		/* Digital Signature Standard (MANDATORY) */
+	ns_kt_private = 254	/* Private key type starts with OID */
+} ns_key_types;
+
+typedef enum __ns_cert_types {
+	cert_t_pkix = 1,	/* PKIX (X.509v3) */
+	cert_t_spki = 2,	/* SPKI */
+	cert_t_pgp  = 3,	/* PGP */
+	cert_t_url  = 253,	/* URL private type */
+	cert_t_oid  = 254	/* OID private type */
+} ns_cert_types;
+
+/* Flags field of the KEY RR rdata. */
 #define	NS_KEY_TYPEMASK		0xC000	/* Mask for "type" bits */
 #define	NS_KEY_TYPE_AUTH_CONF	0x0000	/* Key usable for both */
 #define	NS_KEY_TYPE_CONF_ONLY	0x8000	/* Key usable for confidentiality */
@@ -311,28 +357,45 @@ typedef enum __ns_class {
 /* The type bits can also be interpreted independently, as single bits: */
 #define	NS_KEY_NO_AUTH		0x8000	/* Key unusable for authentication */
 #define	NS_KEY_NO_CONF		0x4000	/* Key unusable for confidentiality */
-#define	NS_KEY_EXPERIMENTAL	0x2000	/* Security is *mandatory* if bit=0 */
-#define	NS_KEY_RESERVED3	0x1000  /* reserved - must be zero */
+#define	NS_KEY_RESERVED2	0x2000	/* Security is *mandatory* if bit=0 */
+#define	NS_KEY_EXTENDED_FLAGS	0x1000	/* reserved - must be zero */
 #define	NS_KEY_RESERVED4	0x0800  /* reserved - must be zero */
-#define	NS_KEY_USERACCOUNT	0x0400	/* key is assoc. with a user acct */
-#define	NS_KEY_ENTITY		0x0200	/* key is assoc. with entity eg host */
-#define	NS_KEY_ZONEKEY		0x0100	/* key is zone key */
-#define	NS_KEY_IPSEC		0x0080  /* key is for IPSEC (host or user)*/
-#define	NS_KEY_EMAIL		0x0040  /* key is for email (MIME security) */
+#define	NS_KEY_RESERVED5	0x0400  /* reserved - must be zero */
+#define	NS_KEY_NAME_TYPE	0x0300	/* these bits determine the type */
+#define	NS_KEY_NAME_USER	0x0000	/* key is assoc. with user */
+#define	NS_KEY_NAME_ENTITY	0x0200	/* key is assoc. with entity eg host */
+#define	NS_KEY_NAME_ZONE	0x0100	/* key is zone key */
+#define	NS_KEY_NAME_RESERVED	0x0300	/* reserved meaning */
+#define	NS_KEY_RESERVED8	0x0080  /* reserved - must be zero */
+#define	NS_KEY_RESERVED9	0x0040  /* reserved - must be zero */
 #define	NS_KEY_RESERVED10	0x0020  /* reserved - must be zero */
 #define	NS_KEY_RESERVED11	0x0010  /* reserved - must be zero */
 #define	NS_KEY_SIGNATORYMASK	0x000F	/* key can sign RR's of same name */
-
-#define	NS_KEY_RESERVED_BITMASK ( NS_KEY_RESERVED3 | \
+#define	NS_KEY_RESERVED_BITMASK ( NS_KEY_RESERVED2 | \
 				  NS_KEY_RESERVED4 | \
+				  NS_KEY_RESERVED5 | \
+				  NS_KEY_RESERVED8 | \
+				  NS_KEY_RESERVED9 | \
 				  NS_KEY_RESERVED10 | \
 				  NS_KEY_RESERVED11 )
+#define NS_KEY_RESERVED_BITMASK2 0xFFFF /* no bits defined here */
 
 /* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */
 #define	NS_ALG_MD5RSA		1	/* MD5 with RSA */
+#define	NS_ALG_DH               2	/* Diffie Hellman KEY */
+#define	NS_ALG_DSA              3	/* DSA KEY */
+#define	NS_ALG_DSS              NS_ALG_DSA
 #define	NS_ALG_EXPIRE_ONLY	253	/* No alg, no security */
 #define	NS_ALG_PRIVATE_OID	254	/* Key begins with OID giving alg */
 
+/* Protocol values  */
+/* value 0 is reserved */
+#define NS_KEY_PROT_TLS         1
+#define NS_KEY_PROT_EMAIL       2
+#define NS_KEY_PROT_DNSSEC      3
+#define NS_KEY_PROT_IPSEC       4
+#define NS_KEY_PROT_ANY		255
+
 /* Signatures */
 #define	NS_MD5RSA_MIN_BITS	 512	/* Size of a mod or exp in bits */
 #define	NS_MD5RSA_MAX_BITS	2552
@@ -340,6 +403,12 @@ typedef enum __ns_class {
 #define	NS_MD5RSA_MAX_BYTES	((NS_MD5RSA_MAX_BITS+7/8)*2+3)
 	/* Max length of text sig block */
 #define	NS_MD5RSA_MAX_BASE64	(((NS_MD5RSA_MAX_BYTES+2)/3)*4)
+#define NS_MD5RSA_MIN_SIZE	((NS_MD5RSA_MIN_BITS+7)/8)
+#define NS_MD5RSA_MAX_SIZE	((NS_MD5RSA_MAX_BITS+7)/8)
+
+#define NS_DSA_SIG_SIZE         41
+#define NS_DSA_MIN_SIZE         213
+#define NS_DSA_MAX_BYTES        405
 
 /* Offsets into SIG record rdata to find various values */
 #define	NS_SIG_TYPE	0	/* Type flags */
@@ -356,20 +425,20 @@ typedef enum __ns_class {
 #define	NS_NXT_BIT_SET(  n,p) (p[(n)/NS_NXT_BITS] |=  (0x80>>((n)%NS_NXT_BITS)))
 #define	NS_NXT_BIT_CLEAR(n,p) (p[(n)/NS_NXT_BITS] &= ~(0x80>>((n)%NS_NXT_BITS)))
 #define	NS_NXT_BIT_ISSET(n,p) (p[(n)/NS_NXT_BITS] &   (0x80>>((n)%NS_NXT_BITS)))
-
+#define NS_NXT_MAX 127
 
 /*
  * Inline versions of get/put short/long.  Pointer is advanced.
  */
-#define NS_GET16(s, cp) { \
+#define NS_GET16(s, cp) do { \
 	register u_char *t_cp = (u_char *)(cp); \
 	(s) = ((u_int16_t)t_cp[0] << 8) \
 	    | ((u_int16_t)t_cp[1]) \
 	    ; \
 	(cp) += NS_INT16SZ; \
-}
+} while (0)
 
-#define NS_GET32(l, cp) { \
+#define NS_GET32(l, cp) do { \
 	register u_char *t_cp = (u_char *)(cp); \
 	(l) = ((u_int32_t)t_cp[0] << 24) \
 	    | ((u_int32_t)t_cp[1] << 16) \
@@ -377,17 +446,17 @@ typedef enum __ns_class {
 	    | ((u_int32_t)t_cp[3]) \
 	    ; \
 	(cp) += NS_INT32SZ; \
-}
+} while (0)
 
-#define NS_PUT16(s, cp) { \
+#define NS_PUT16(s, cp) do { \
 	register u_int16_t t_s = (u_int16_t)(s); \
 	register u_char *t_cp = (u_char *)(cp); \
 	*t_cp++ = t_s >> 8; \
 	*t_cp   = t_s; \
 	(cp) += NS_INT16SZ; \
-}
+} while (0)
 
-#define NS_PUT32(l, cp) { \
+#define NS_PUT32(l, cp) do { \
 	register u_int32_t t_l = (u_int32_t)(l); \
 	register u_char *t_cp = (u_char *)(cp); \
 	*t_cp++ = t_l >> 24; \
@@ -395,27 +464,42 @@ typedef enum __ns_class {
 	*t_cp++ = t_l >> 8; \
 	*t_cp   = t_l; \
 	(cp) += NS_INT32SZ; \
-}
+} while (0)
 
 /*
- * ANSI C identifier hiding.
+ * ANSI C identifier hiding for bind's lib/nameser.
  */
 #define ns_get16		__ns_get16
 #define ns_get32		__ns_get32
 #define ns_put16		__ns_put16
 #define ns_put32		__ns_put32
 #define ns_initparse		__ns_initparse
+#define ns_skiprr		__ns_skiprr
 #define ns_parserr		__ns_parserr
 #define	ns_sprintrr		__ns_sprintrr
 #define	ns_sprintrrf		__ns_sprintrrf
 #define	ns_format_ttl		__ns_format_ttl
 #define	ns_parse_ttl		__ns_parse_ttl
+#define ns_datetosecs		__ns_datetosecs
+#define	ns_name_ntol		__ns_name_ntol
 #define	ns_name_ntop		__ns_name_ntop
 #define	ns_name_pton		__ns_name_pton
 #define	ns_name_unpack		__ns_name_unpack
 #define	ns_name_pack		__ns_name_pack
 #define	ns_name_compress	__ns_name_compress
 #define	ns_name_uncompress	__ns_name_uncompress
+#define	ns_name_skip		__ns_name_skip
+#define	ns_sign			__ns_sign
+#define	ns_sign_tcp		__ns_sign_tcp
+#define	ns_sign_tcp_init	__ns_sign_tcp_init
+#define ns_find_tsig		__ns_find_tsig
+#define	ns_verify		__ns_verify
+#define	ns_verify_tcp		__ns_verify_tcp
+#define	ns_verify_tcp_init	__ns_verify_tcp_init
+#define	ns_samedomain		__ns_samedomain
+#define	ns_subdomain		__ns_subdomain
+#define	ns_makecanon		__ns_makecanon
+#define	ns_samename		__ns_samename
 
 __BEGIN_DECLS
 u_int		ns_get16 __P((const u_char *));
@@ -423,6 +507,7 @@ u_long		ns_get32 __P((const u_char *));
 void		ns_put16 __P((u_int, u_char *));
 void		ns_put32 __P((u_long, u_char *));
 int		ns_initparse __P((const u_char *, int, ns_msg *));
+int		ns_skiprr __P((const u_char *, const u_char *, ns_sect, int));
 int		ns_parserr __P((ns_msg *, ns_sect, int, ns_rr *));
 int		ns_sprintrr __P((const ns_msg *, const ns_rr *,
 				 const char *, const char *, char *, size_t));
@@ -432,6 +517,8 @@ int		ns_sprintrrf __P((const u_char *, size_t, const char *,
 				  char *, size_t));
 int		ns_format_ttl __P((u_long, char *, size_t));
 int		ns_parse_ttl __P((const char *, u_long *));
+u_int32_t	ns_datetosecs __P((const char *cp, int *errp));
+int		ns_name_ntol __P((const u_char *, u_char *, size_t));
 int		ns_name_ntop __P((const u_char *, char *, size_t));
 int		ns_name_pton __P((const char *, u_char *, size_t));
 int		ns_name_unpack __P((const u_char *, const u_char *,
@@ -443,6 +530,23 @@ int		ns_name_uncompress __P((const u_char *, const u_char *,
 int		ns_name_compress __P((const char *, u_char *, size_t,
 				      const u_char **, const u_char **));
 int		ns_name_skip __P((const u_char **, const u_char *));
+int		ns_sign __P((u_char *, int *, int, int, void *,
+			     const u_char *, int, u_char *, int *, time_t));
+int		ns_sign_tcp __P((u_char *, int *, int, int,
+				 ns_tcp_tsig_state *, int));
+int		ns_sign_tcp_init __P((void *, const u_char *, int,
+					ns_tcp_tsig_state *));
+u_char		*ns_find_tsig __P((u_char *, u_char *));
+int		ns_verify __P((u_char *, int *, void *,
+			       const u_char *, int, u_char *, int *,
+			       time_t *, int));
+int		ns_verify_tcp __P((u_char *, int *, ns_tcp_tsig_state *, int));
+int		ns_verify_tcp_init __P((void *, const u_char *, int,
+					ns_tcp_tsig_state *));
+int		ns_samedomain __P((const char *, const char *));
+int		ns_subdomain __P((const char *, const char *));
+int		ns_makecanon __P((const char *, char *, size_t));
+int		ns_samename __P((const char *, const char *));
 __END_DECLS
 
 #ifdef BIND_4_COMPAT