diff options
Diffstat (limited to 'contrib/bind9/bin/named')
| -rw-r--r-- | contrib/bind9/bin/named/Makefile.in | 8 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/client.c | 10 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/config.c | 2 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/controlconf.c | 6 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/include/dlz/dlz_dlopen_driver.h | 27 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/include/named/globals.h | 6 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/interfacemgr.c | 7 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/logconf.c | 57 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/main.c | 35 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/query.c | 67 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/server.c | 486 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/statschannel.c | 6 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/unix/Makefile.in | 9 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/unix/dlz_dlopen_driver.c | 616 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/unix/os.c | 11 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/update.c | 9 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/xfrout.c | 52 | ||||
| -rw-r--r-- | contrib/bind9/bin/named/zoneconf.c | 104 |
18 files changed, 1172 insertions, 346 deletions
diff --git a/contrib/bind9/bin/named/Makefile.in b/contrib/bind9/bin/named/Makefile.in index a3dbb3802dc9e..86400c47f0261 100644 --- a/contrib/bind9/bin/named/Makefile.in +++ b/contrib/bind9/bin/named/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2002 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.114 2010-12-22 09:00:40 marka Exp $ +# $Id: Makefile.in,v 1.114.14.2 2011-03-10 23:47:25 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -45,7 +45,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \ ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \ ${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@ -CDEFINES = @USE_DLZ@ @USE_PKCS11@ @USE_OPENSSL@ +CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@ @USE_OPENSSL@ CWARNINGS = @@ -89,7 +89,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \ lwdgnba.@O@ lwdgrbn.@O@ lwdnoop.@O@ lwsearch.@O@ \ ${DLZDRIVER_OBJS} ${DBDRIVER_OBJS} -UOBJS = unix/os.@O@ +UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@ SYMOBJS = symtbl.@O@ diff --git a/contrib/bind9/bin/named/client.c b/contrib/bind9/bin/named/client.c index bc9cc878adbcc..2115ac101bcf3 100644 --- a/contrib/bind9/bin/named/client.c +++ b/contrib/bind9/bin/named/client.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.271 2011-01-11 23:47:12 tbox Exp $ */ +/* $Id: client.c,v 1.271.10.2 2011-07-28 04:30:54 marka Exp $ */ #include <config.h> @@ -633,6 +633,7 @@ ns_client_endrequest(ns_client_t *client) { dns_message_puttemprdataset(client->message, &client->opt); } + client->signer = NULL; client->udpsize = 512; client->extflags = 0; client->ednsversion = -1; @@ -1312,6 +1313,12 @@ ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey, UNUSED(arg); + /* + * ns_g_server->interfacemgr is task exclusive locked. + */ + if (ns_g_server->interfacemgr == NULL) + return (ISC_TRUE); + if (!ns_interfacemgr_listeningon(ns_g_server->interfacemgr, dstaddr)) return (ISC_FALSE); @@ -2095,6 +2102,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { client->next = NULL; client->shutdown = NULL; client->shutdown_arg = NULL; + client->signer = NULL; dns_name_init(&client->signername, NULL); client->mortal = ISC_FALSE; client->tcpquota = NULL; diff --git a/contrib/bind9/bin/named/config.c b/contrib/bind9/bin/named/config.c index 704d7ecc55ef4..e34e5c4e63bfe 100644 --- a/contrib/bind9/bin/named/config.c +++ b/contrib/bind9/bin/named/config.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.c,v 1.113.16.1.2.1 2011-06-02 23:47:28 tbox Exp $ */ +/* $Id: config.c,v 1.113.16.2 2011-02-28 01:19:58 tbox Exp $ */ /*! \file */ diff --git a/contrib/bind9/bin/named/controlconf.c b/contrib/bind9/bin/named/controlconf.c index 16d375b0083ad..bd269e519b3e7 100644 --- a/contrib/bind9/bin/named/controlconf.c +++ b/contrib/bind9/bin/named/controlconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: controlconf.c,v 1.60 2008-07-23 23:27:54 marka Exp $ */ +/* $Id: controlconf.c,v 1.60.544.2 2011-03-12 04:59:14 tbox Exp $ */ /*! \file */ @@ -859,7 +859,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING, "secret for key '%s' on command channel: %s", keyid->keyname, isc_result_totext(result)); - CHECK(result); + goto cleanup; } keyid->secret.length = isc_buffer_usedlength(&b); diff --git a/contrib/bind9/bin/named/include/dlz/dlz_dlopen_driver.h b/contrib/bind9/bin/named/include/dlz/dlz_dlopen_driver.h new file mode 100644 index 0000000000000..fc51c49da7673 --- /dev/null +++ b/contrib/bind9/bin/named/include/dlz/dlz_dlopen_driver.h @@ -0,0 +1,27 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: dlz_dlopen_driver.h,v 1.1.4.4 2011-03-17 09:41:06 fdupont Exp $ */ + +#ifndef DLZ_DLOPEN_DRIVER_H +#define DLZ_DLOPEN_DRIVER_H + +isc_result_t +dlz_dlopen_init(isc_mem_t *mctx); + +void +dlz_dlopen_clear(void); +#endif diff --git a/contrib/bind9/bin/named/include/named/globals.h b/contrib/bind9/bin/named/include/named/globals.h index f155c7f05ed53..7bea32d52b553 100644 --- a/contrib/bind9/bin/named/include/named/globals.h +++ b/contrib/bind9/bin/named/include/named/globals.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: globals.h,v 1.89 2010-09-15 12:07:55 marka Exp $ */ +/* $Id: globals.h,v 1.89.54.2 2011-06-17 23:47:10 tbox Exp $ */ #ifndef NAMED_GLOBALS_H #define NAMED_GLOBALS_H 1 @@ -26,6 +26,7 @@ #include <isc/log.h> #include <isc/net.h> +#include <isccfg/aclconf.h> #include <isccfg/cfg.h> #include <dns/zone.h> @@ -102,6 +103,7 @@ EXTERN const char * lwresd_g_resolvconffile INIT("/etc" EXTERN isc_boolean_t ns_g_conffileset INIT(ISC_FALSE); EXTERN isc_boolean_t lwresd_g_useresolvconf INIT(ISC_FALSE); EXTERN isc_uint16_t ns_g_udpsize INIT(4096); +EXTERN cfg_aclconfctx_t * ns_g_aclconfctx INIT(NULL); /* * Initial resource limits. diff --git a/contrib/bind9/bin/named/interfacemgr.c b/contrib/bind9/bin/named/interfacemgr.c index e99d3b9cfe38d..513fb2491094d 100644 --- a/contrib/bind9/bin/named/interfacemgr.c +++ b/contrib/bind9/bin/named/interfacemgr.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.c,v 1.95 2009-01-17 23:47:42 tbox Exp $ */ +/* $Id: interfacemgr.c,v 1.95.426.2 2011-03-12 04:59:14 tbox Exp $ */ /*! \file */ @@ -379,7 +379,7 @@ ns_interface_setup(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, } } *ifpret = ifp; - return (ISC_R_SUCCESS); + return (result); cleanup_interface: ISC_LIST_UNLINK(ifp->mgr->interfaces, ifp, link); @@ -964,7 +964,6 @@ isc_boolean_t ns_interfacemgr_listeningon(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr) { isc_sockaddr_t *old; - old = ISC_LIST_HEAD(mgr->listenon); for (old = ISC_LIST_HEAD(mgr->listenon); old != NULL; old = ISC_LIST_NEXT(old, link)) diff --git a/contrib/bind9/bin/named/logconf.c b/contrib/bind9/bin/named/logconf.c index 8ae55ff7c54e6..4fcb4e8dcaed9 100644 --- a/contrib/bind9/bin/named/logconf.c +++ b/contrib/bind9/bin/named/logconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,12 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: logconf.c,v 1.42 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: logconf.c,v 1.42.816.3 2011-03-05 23:52:06 tbox Exp $ */ /*! \file */ #include <config.h> +#include <isc/file.h> #include <isc/offset.h> #include <isc/result.h> #include <isc/stdio.h> @@ -130,7 +131,7 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) { } type = ISC_LOG_TONULL; - + if (fileobj != NULL) { const cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file"); const cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size"); @@ -140,7 +141,7 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) { isc_offset_t size = 0; type = ISC_LOG_TOFILE; - + if (versionsobj != NULL && cfg_obj_isuint32(versionsobj)) versions = cfg_obj_asuint32(versionsobj); if (versionsobj != NULL && cfg_obj_isstring(versionsobj) && @@ -219,26 +220,38 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) { if (result == ISC_R_SUCCESS && type == ISC_LOG_TOFILE) { FILE *fp; - - /* - * Test that the file can be opened, since isc_log_open() - * can't effectively report failures when called in - * isc_log_doit(). - */ - result = isc_stdio_open(dest.file.name, "a", &fp); - if (result != ISC_R_SUCCESS) - isc_log_write(ns_g_lctx, CFG_LOGCATEGORY_CONFIG, - NS_LOGMODULE_SERVER, ISC_LOG_ERROR, - "logging channel '%s' file '%s': %s", - channelname, dest.file.name, - isc_result_totext(result)); - else - (void)isc_stdio_close(fp); /* - * Allow named to continue by returning success. - */ - result = ISC_R_SUCCESS; + * Test to make sure that file is a plain file. + * Fix defect #22771 + */ + result = isc_file_isplainfile(dest.file.name); + if (result == ISC_R_SUCCESS || + result == ISC_R_FILENOTFOUND) { + /* + * Test that the file can be opened, since + * isc_log_open() can't effectively report + * failures when called in + * isc_log_doit(). + */ + result = isc_stdio_open(dest.file.name, "a", &fp); + if (result != ISC_R_SUCCESS) { + syslog(LOG_ERR, + "isc_stdio_open '%s' failed: %s", + dest.file.name, + isc_result_totext(result)); + fprintf(stderr, + "isc_stdio_open '%s' failed: %s", + dest.file.name, + isc_result_totext(result)); + } else + (void)isc_stdio_close(fp); + } else { + syslog(LOG_ERR, "isc_file_isplainfile '%s' failed: %s", + dest.file.name, isc_result_totext(result)); + fprintf(stderr, "isc_file_isplainfile '%s' failed: %s", + dest.file.name, isc_result_totext(result)); + } } return (result); diff --git a/contrib/bind9/bin/named/main.c b/contrib/bind9/bin/named/main.c index 84d86b146f4cf..d226113601204 100644 --- a/contrib/bind9/bin/named/main.c +++ b/contrib/bind9/bin/named/main.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: main.c,v 1.180 2010-12-22 03:59:02 marka Exp $ */ +/* $Id: main.c,v 1.180.14.3 2011-03-11 06:47:00 marka Exp $ */ /*! \file */ @@ -51,6 +51,8 @@ #include <dst/result.h> +#include <dlz/dlz_dlopen_driver.h> + /* * Defining NS_MAIN provides storage declarations (rather than extern) * for variables in named/globals.h. @@ -81,10 +83,10 @@ */ /* #include "xxdb.h" */ +#ifdef CONTRIB_DLZ /* - * Include DLZ drivers if appropriate. + * Include contributed DLZ drivers if appropriate. */ -#ifdef DLZ #include <dlz/dlz_drivers.h> #endif @@ -560,6 +562,7 @@ parse_command_line(int argc, char *argv[]) { argc -= isc_commandline_index; argv += isc_commandline_index; + POST(argv); if (argc > 0) { usage(); @@ -856,9 +859,19 @@ setup(void) { */ /* xxdb_init(); */ -#ifdef DLZ +#ifdef ISC_DLZ_DLOPEN + /* + * Register the DLZ "dlopen" driver. + */ + result = dlz_dlopen_init(ns_g_mctx); + if (result != ISC_R_SUCCESS) + ns_main_earlyfatal("dlz_dlopen_init() failed: %s", + isc_result_totext(result)); +#endif + +#if CONTRIB_DLZ /* - * Register any DLZ drivers. + * Register any other contributed DLZ drivers. */ result = dlz_drivers_init(); if (result != ISC_R_SUCCESS) @@ -882,12 +895,18 @@ cleanup(void) { */ /* xxdb_clear(); */ -#ifdef DLZ +#ifdef CONTRIB_DLZ /* - * Unregister any DLZ drivers. + * Unregister contributed DLZ drivers. */ dlz_drivers_clear(); #endif +#ifdef ISC_DLZ_DLOPEN + /* + * Unregister "dlopen" DLZ driver. + */ + dlz_dlopen_clear(); +#endif dns_name_destroy(); diff --git a/contrib/bind9/bin/named/query.c b/contrib/bind9/bin/named/query.c index 1950257dca2c3..9be178beddb01 100644 --- a/contrib/bind9/bin/named/query.c +++ b/contrib/bind9/bin/named/query.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.353.8.2.2.5 2011-06-09 03:17:10 marka Exp $ */ +/* $Id: query.c,v 1.353.8.11 2011-06-09 03:14:03 marka Exp $ */ /*! \file */ @@ -31,9 +31,7 @@ #include <dns/adb.h> #include <dns/byaddr.h> #include <dns/db.h> -#ifdef DLZ #include <dns/dlz.h> -#endif #include <dns/dns64.h> #include <dns/dnssec.h> #include <dns/events.h> @@ -1027,7 +1025,6 @@ query_getdb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, { isc_result_t result; -#ifdef DLZ isc_result_t tresult; unsigned int namelabels; unsigned int zonelabels; @@ -1093,16 +1090,10 @@ query_getdb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, result = tresult; } } -#else - result = query_getzonedb(client, name, qtype, options, - zonep, dbp, versionp); -#endif /* If successful, Transfer ownership of zone. */ if (result == ISC_R_SUCCESS) { -#ifdef DLZ *zonep = zone; -#endif /* * If neither attempt above succeeded, return the cache instead */ @@ -1633,6 +1624,7 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { need_addname = ISC_FALSE; zone = NULL; needadditionalcache = ISC_FALSE; + POST(needadditionalcache); additionaltype = dns_rdatasetadditional_fromauth; dns_name_init(&cfname, NULL); @@ -4305,11 +4297,12 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, * Check rules for the name if this it the first time, * i.e. we've not been recursing. */ - result = DNS_R_SERVFAIL; st->state &= ~(DNS_RPZ_HAVE_IP | DNS_RPZ_HAVE_NSIPv4 | DNS_RPZ_HAVE_NSIPv6 | DNS_RPZ_HAD_NSDNAME); result = rpz_rewrite_name(client, qtype, client->query.qname, DNS_RPZ_TYPE_QNAME, &rdataset); + if (result != ISC_R_SUCCESS) + goto cleanup; if (st->m.policy != DNS_RPZ_POLICY_MISS) goto cleanup; if ((st->state & (DNS_RPZ_HAVE_NSIPv4 | DNS_RPZ_HAVE_NSIPv6 | @@ -4415,9 +4408,10 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, (st->state & DNS_RPZ_HAVE_NSIPv6) != 0 && st->m.type != DNS_RPZ_TYPE_NSDNAME) { result = rpz_rewrite_nsip(client, - dns_rdatatype_aaaa, - &ns.name, &ipdb, version, - &rdataset, resuming); + dns_rdatatype_aaaa, + &ns.name, &ipdb, + version, &rdataset, + resuming); } dns_rdata_freestruct(&ns); if (ipdb != NULL) @@ -4932,12 +4926,14 @@ dns64_aaaaok(ns_client_t *client, dns_rdataset_t *rdataset, break; } } - if (i == count) + if (i == count && aaaaok != NULL) isc_mem_put(client->mctx, aaaaok, sizeof(isc_boolean_t) * count); return (ISC_TRUE); } - isc_mem_put(client->mctx, aaaaok, sizeof(isc_boolean_t) * count); + if (aaaaok != NULL) + isc_mem_put(client->mctx, aaaaok, + sizeof(isc_boolean_t) * count); return (ISC_FALSE); } @@ -5198,25 +5194,22 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } is_staticstub_zone = ISC_FALSE; - if (is_zone && zone != NULL) { + if (is_zone) { authoritative = ISC_TRUE; - if (dns_zone_gettype(zone) == dns_zone_staticstub) + if (zone != NULL && + dns_zone_gettype(zone) == dns_zone_staticstub) is_staticstub_zone = ISC_TRUE; } if (event == NULL && client->query.restarts == 0) { if (is_zone) { -#ifdef DLZ if (zone != NULL) { /* * if is_zone = true, zone = NULL then this is * a DLZ zone. Don't attempt to attach zone. */ -#endif dns_zone_attach(zone, &client->query.authzone); -#ifdef DLZ } -#endif dns_db_attach(db, &client->query.authdb); } client->query.authdbset = ISC_TRUE; @@ -5290,7 +5283,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) dns_name_copy(fname, rpz_st->fname, NULL); rpz_st->q.result = result; client->query.attributes |= NS_QUERYATTR_RECURSING; - result = ISC_R_SUCCESS; goto cleanup; default: RECURSE_ERROR(rresult); @@ -5743,8 +5735,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) goto db_find; } - result = DNS_R_NXRRSET; - /* * Look for a NSEC3 record if we don't have a NSEC record. */ @@ -5880,9 +5870,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * resolver and not have it cached. */ if (qtype == dns_rdatatype_soa && -#ifdef DLZ zone != NULL && -#endif dns_zone_getzeronosoattl(zone)) result = query_addsoa(client, db, version, 0, dns_rdataset_isassociated(rdataset)); @@ -6161,17 +6149,17 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } result = dns_name_concatenate(prefix, tname, fname, NULL); dns_message_puttempname(client->message, &tname); - if (result != ISC_R_SUCCESS) { - if (result == ISC_R_NOSPACE) { - /* - * RFC2672, section 4.1, subsection 3c says - * we should return YXDOMAIN if the constructed - * name would be too long. - */ - client->message->rcode = dns_rcode_yxdomain; - } + + /* + * RFC2672, section 4.1, subsection 3c says + * we should return YXDOMAIN if the constructed + * name would be too long. + */ + if (result == DNS_R_NAMETOOLONG) + client->message->rcode = dns_rcode_yxdomain; + if (result != ISC_R_SUCCESS) goto cleanup; - } + query_keepname(client, fname, dbuf); /* * Synthesize a CNAME consisting of @@ -6642,9 +6630,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) /* * Add a fake SOA record. */ - result = query_addsoa(client, db, - version, 600, - ISC_FALSE); + (void)query_addsoa(client, db, version, + 600, ISC_FALSE); goto cleanup; } #endif diff --git a/contrib/bind9/bin/named/server.c b/contrib/bind9/bin/named/server.c index 5bbf94b9b604c..f19a0bbb93713 100644 --- a/contrib/bind9/bin/named/server.c +++ b/contrib/bind9/bin/named/server.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.599.8.4 2011-02-16 19:46:12 each Exp $ */ +/* $Id: server.c,v 1.599.8.12 2011-08-02 04:58:45 each Exp $ */ /*! \file */ @@ -60,9 +60,7 @@ #include <dns/cache.h> #include <dns/db.h> #include <dns/dispatch.h> -#ifdef DLZ #include <dns/dlz.h> -#endif #include <dns/dns64.h> #include <dns/forward.h> #include <dns/journal.h> @@ -206,13 +204,15 @@ struct zonelistentry { /*% * Configuration context to retain for each view that allows - * new zones to be added at runtime + * new zones to be added at runtime. */ struct cfg_context { isc_mem_t * mctx; - cfg_obj_t * config; cfg_parser_t * parser; - cfg_aclconfctx_t actx; + cfg_obj_t * config; + cfg_parser_t * nzparser; + cfg_obj_t * nzconfig; + cfg_aclconfctx_t * actx; }; /* @@ -222,7 +222,6 @@ static const struct { const char *zone; isc_boolean_t rfc1918; } empty_zones[] = { -#ifdef notyet /* RFC 1918 */ { "10.IN-ADDR.ARPA", ISC_TRUE }, { "16.172.IN-ADDR.ARPA", ISC_TRUE }, @@ -242,7 +241,6 @@ static const struct { { "30.172.IN-ADDR.ARPA", ISC_TRUE }, { "31.172.IN-ADDR.ARPA", ISC_TRUE }, { "168.192.IN-ADDR.ARPA", ISC_TRUE }, -#endif /* RFC 5735 and RFC 5737 */ { "0.IN-ADDR.ARPA", ISC_FALSE }, /* THIS NETWORK */ @@ -304,7 +302,7 @@ static void end_reserved_dispatches(ns_server_t *server, isc_boolean_t all); static void -cfgctx_destroy(void **cfgp); +newzone_cfgctx_destroy(void **cfgp); /*% * Configure a single view ACL at '*aclp'. Get its configuration from @@ -847,18 +845,13 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, int af, dns_dispatch_t **dispatchp, isc_boolean_t is_firstview) { - isc_result_t result; + isc_result_t result = ISC_R_FAILURE; dns_dispatch_t *disp; isc_sockaddr_t sa; unsigned int attrs, attrmask; const cfg_obj_t *obj = NULL; unsigned int maxdispatchbuffers; - /* - * Make compiler happy. - */ - result = ISC_R_FAILURE; - switch (af) { case AF_INET: result = ns_config_get(maps, "query-source", &obj); @@ -1340,7 +1333,6 @@ cache_sharable(dns_view_t *originview, dns_view_t *view, return (ISC_TRUE); } -#ifdef DLZ /* * Callback from DLZ configure when the driver sets up a writeable zone */ @@ -1358,7 +1350,6 @@ dlzconfigure_callback(dns_view_t *view, dns_zone_t *zone) { return ns_zone_configure_writeable_dlz(view->dlzdatabase, zone, zclass, origin); } -#endif static isc_result_t dns64_reverse(dns_view_t *view, isc_mem_t *mctx, isc_netaddr_t *na, @@ -1554,8 +1545,7 @@ configure_rpz(dns_view_t *view, const cfg_listelt_t *element) { * global defaults in 'config' used exclusively. */ static isc_result_t -configure_view(dns_view_t *view, cfg_parser_t* parser, - cfg_obj_t *config, cfg_obj_t *vconfig, +configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, ns_cachelist_t *cachelist, const cfg_obj_t *bindkeys, isc_mem_t *mctx, cfg_aclconfctx_t *actx, isc_boolean_t need_hints) @@ -1569,11 +1559,9 @@ configure_view(dns_view_t *view, cfg_parser_t* parser, const cfg_obj_t *forwarders; const cfg_obj_t *alternates; const cfg_obj_t *zonelist; -#ifdef DLZ const cfg_obj_t *dlz; unsigned int dlzargc; char **dlzargv; -#endif const cfg_obj_t *disabled; const cfg_obj_t *obj; const cfg_listelt_t *element; @@ -1587,7 +1575,7 @@ configure_view(dns_view_t *view, cfg_parser_t* parser, isc_uint32_t lame_ttl; dns_tsig_keyring_t *ring = NULL; dns_view_t *pview = NULL; /* Production view */ - isc_mem_t *cmctx; + isc_mem_t *cmctx = NULL, *hmctx = NULL; dns_dispatch_t *dispatch4 = NULL; dns_dispatch_t *dispatch6 = NULL; isc_boolean_t reused_cache = ISC_FALSE; @@ -1612,15 +1600,12 @@ configure_view(dns_view_t *view, cfg_parser_t* parser, isc_boolean_t auto_root = ISC_FALSE; ns_cache_t *nsc; isc_boolean_t zero_no_soattl; - cfg_parser_t *newzones_parser = NULL; - cfg_obj_t *nzfconf = NULL; dns_acl_t *clients = NULL, *mapped = NULL, *excluded = NULL; unsigned int query_timeout; + struct cfg_context *nzctx; REQUIRE(DNS_VIEW_VALID(view)); - cmctx = NULL; - if (config != NULL) (void)cfg_map_get(config, "options", &options); @@ -1651,6 +1636,7 @@ configure_view(dns_view_t *view, cfg_parser_t* parser, sep = ""; viewname = ""; forview = ""; + POST(forview); } /* @@ -1722,6 +1708,10 @@ configure_view(dns_view_t *view, cfg_parser_t* parser, (void)cfg_map_get(voptions, "zone", &zonelist); else (void)cfg_map_get(config, "zone", &zonelist); + + /* + * Load zone configuration + */ for (element = cfg_list_first(zonelist); element != NULL; element = cfg_list_next(element)) @@ -1732,61 +1722,31 @@ configure_view(dns_view_t *view, cfg_parser_t* parser, } /* - * Are we allowing zones to be added and deleted dynamically? - */ - obj = NULL; - result = ns_config_get(maps, "allow-new-zones", &obj); - if (result == ISC_R_SUCCESS) { - isc_boolean_t allow = cfg_obj_asboolean(obj); - struct cfg_context *cfg = NULL; - if (allow) { - cfg = isc_mem_get(view->mctx, sizeof(*cfg)); - if (cfg == NULL) { - result = ISC_R_NOMEMORY; - goto cleanup; - } - memset(cfg, 0, sizeof(*cfg)); - isc_mem_attach(view->mctx, &cfg->mctx); - if (config != NULL) - cfg_obj_attach(config, &cfg->config); - cfg_parser_attach(parser, &cfg->parser); - cfg_aclconfctx_clone(actx, &cfg->actx); - } - dns_view_setnewzones(view, allow, cfg, cfgctx_destroy); - } - - /* * If we're allowing added zones, then load zone configuration * from the newzone file for zones that were added during previous * runs. */ - if (view->new_zone_file != NULL) { + nzctx = view->new_zone_config; + if (nzctx != NULL && nzctx->nzconfig != NULL) { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, "loading additional zones for view '%s'", view->name); - CHECK(cfg_parser_create(view->mctx, ns_g_lctx, - &newzones_parser)); - result = cfg_parse_file(newzones_parser, view->new_zone_file, - &cfg_type_newzones, &nzfconf); - if (result == ISC_R_SUCCESS) { - zonelist = NULL; - cfg_map_get(nzfconf, "zone", &zonelist); - for (element = cfg_list_first(zonelist); - element != NULL; - element = cfg_list_next(element)) - { - const cfg_obj_t *zconfig = - cfg_listelt_value(element); - CHECK(configure_zone(config, zconfig, vconfig, - mctx, view, actx, - ISC_TRUE)); - } + zonelist = NULL; + cfg_map_get(nzctx->nzconfig, "zone", &zonelist); + + for (element = cfg_list_first(zonelist); + element != NULL; + element = cfg_list_next(element)) + { + const cfg_obj_t *zconfig = cfg_listelt_value(element); + CHECK(configure_zone(config, zconfig, vconfig, + mctx, view, actx, + ISC_TRUE)); } } -#ifdef DLZ /* * Create Dynamically Loadable Zone driver. */ @@ -1831,7 +1791,6 @@ configure_view(dns_view_t *view, cfg_parser_t* parser, goto cleanup; } } -#endif /* * Obtain configuration parameters that affect the decision of whether @@ -2103,13 +2062,21 @@ configure_view(dns_view_t *view, cfg_parser_t* parser, * view but is not yet configured. If it is not the * view name but not a forward reference either, then it * is simply a named cache that is not shared. + * + * We use two separate memory contexts for the + * cache, for the main cache memory and the heap + * memory. */ CHECK(isc_mem_create(0, 0, &cmctx)); isc_mem_setname(cmctx, "cache", NULL); - CHECK(dns_cache_create2(cmctx, ns_g_taskmgr, + CHECK(isc_mem_create(0, 0, &hmctx)); + isc_mem_setname(hmctx, "cache_heap", NULL); + CHECK(dns_cache_create3(cmctx, hmctx, ns_g_taskmgr, ns_g_timermgr, view->rdclass, cachename, "rbt", 0, NULL, &cache)); + isc_mem_detach(&cmctx); + isc_mem_detach(&hmctx); } nsc = isc_mem_get(mctx, sizeof(*nsc)); if (nsc == NULL) { @@ -2910,8 +2877,8 @@ configure_view(dns_view_t *view, cfg_parser_t* parser, if (result == ISC_R_SUCCESS) cfg_map_get(obj, "zone", &zonelist); } - if (zonelist != NULL) { + if (zonelist != NULL) { for (element = cfg_list_first(zonelist); element != NULL; element = cfg_list_next(element)) { @@ -2947,16 +2914,12 @@ configure_view(dns_view_t *view, cfg_parser_t* parser, dns_order_detach(&order); if (cmctx != NULL) isc_mem_detach(&cmctx); + if (hmctx != NULL) + isc_mem_detach(&hmctx); if (cache != NULL) dns_cache_detach(&cache); - if (newzones_parser != NULL) { - if (nzfconf != NULL) - cfg_obj_destroy(newzones_parser, &nzfconf); - cfg_parser_destroy(&newzones_parser); - } - return (result); } @@ -3161,21 +3124,16 @@ configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, return (result); } -/* - * Create a new view and add it to the list. - * - * If 'vconfig' is NULL, create the default view. - * - * The view created is attached to '*viewp'. - */ static isc_result_t -create_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist, - dns_view_t **viewp) +get_viewinfo(const cfg_obj_t *vconfig, const char **namep, + dns_rdataclass_t *classp) { - isc_result_t result; + isc_result_t result = ISC_R_SUCCESS; const char *viewname; dns_rdataclass_t viewclass; - dns_view_t *view = NULL; + + REQUIRE(namep != NULL && *namep == NULL); + REQUIRE(classp != NULL); if (vconfig != NULL) { const cfg_obj_t *classobj = NULL; @@ -3188,6 +3146,59 @@ create_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist, viewname = "_default"; viewclass = dns_rdataclass_in; } + + *namep = viewname; + *classp = viewclass; + + return (result); +} + +/* + * Find a view based on its configuration info and attach to it. + * + * If 'vconfig' is NULL, attach to the default view. + */ +static isc_result_t +find_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist, + dns_view_t **viewp) +{ + isc_result_t result; + const char *viewname = NULL; + dns_rdataclass_t viewclass; + dns_view_t *view = NULL; + + result = get_viewinfo(vconfig, &viewname, &viewclass); + if (result != ISC_R_SUCCESS) + return (result); + + result = dns_viewlist_find(viewlist, viewname, viewclass, &view); + if (result != ISC_R_SUCCESS) + return (result); + + *viewp = view; + return (ISC_R_SUCCESS); +} + +/* + * Create a new view and add it to the list. + * + * If 'vconfig' is NULL, create the default view. + * + * The view created is attached to '*viewp'. + */ +static isc_result_t +create_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist, + dns_view_t **viewp) +{ + isc_result_t result; + const char *viewname = NULL; + dns_rdataclass_t viewclass; + dns_view_t *view = NULL; + + result = get_viewinfo(vconfig, &viewname, &viewclass); + if (result != ISC_R_SUCCESS) + return (result); + result = dns_viewlist_find(viewlist, viewname, viewclass, &view); if (result == ISC_R_SUCCESS) return (ISC_R_EXISTS); @@ -4146,10 +4157,98 @@ configure_session_key(const cfg_obj_t **maps, ns_server_t *server, } static isc_result_t +setup_newzones(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, + cfg_parser_t *parser, cfg_aclconfctx_t *actx) +{ + isc_result_t result = ISC_R_SUCCESS; + isc_boolean_t allow = ISC_FALSE; + struct cfg_context *nzcfg = NULL; + cfg_parser_t *nzparser = NULL; + cfg_obj_t *nzconfig = NULL; + const cfg_obj_t *maps[4]; + const cfg_obj_t *options = NULL, *voptions = NULL; + const cfg_obj_t *nz = NULL; + int i = 0; + + REQUIRE (config != NULL); + + if (vconfig != NULL) + voptions = cfg_tuple_get(vconfig, "options"); + if (voptions != NULL) + maps[i++] = voptions; + result = cfg_map_get(config, "options", &options); + if (result == ISC_R_SUCCESS) + maps[i++] = options; + maps[i++] = ns_g_defaults; + maps[i] = NULL; + + result = ns_config_get(maps, "allow-new-zones", &nz); + if (result == ISC_R_SUCCESS) + allow = cfg_obj_asboolean(nz); + + if (!allow) { + dns_view_setnewzones(view, ISC_FALSE, NULL, NULL); + return (ISC_R_SUCCESS); + } + + nzcfg = isc_mem_get(view->mctx, sizeof(*nzcfg)); + if (nzcfg == NULL) { + dns_view_setnewzones(view, ISC_FALSE, NULL, NULL); + return (ISC_R_NOMEMORY); + } + + dns_view_setnewzones(view, allow, nzcfg, newzone_cfgctx_destroy); + + memset(nzcfg, 0, sizeof(*nzcfg)); + isc_mem_attach(view->mctx, &nzcfg->mctx); + cfg_obj_attach(config, &nzcfg->config); + cfg_parser_attach(parser, &nzcfg->parser); + cfg_aclconfctx_attach(actx, &nzcfg->actx); + + /* + * Attempt to create a parser and parse the newzones + * file. If successful, preserve both; otherwise leave + * them NULL. + */ + result = cfg_parser_create(view->mctx, ns_g_lctx, &nzparser); + if (result == ISC_R_SUCCESS) + result = cfg_parse_file(nzparser, view->new_zone_file, + &cfg_type_newzones, &nzconfig); + if (result == ISC_R_SUCCESS) { + cfg_parser_attach(nzparser, &nzcfg->nzparser); + cfg_obj_attach(nzconfig, &nzcfg->nzconfig); + } + + if (nzparser != NULL) { + if (nzconfig != NULL) + cfg_obj_destroy(nzparser, &nzconfig); + cfg_parser_destroy(&nzparser); + } + + return (ISC_R_SUCCESS); +} + +static int +count_zones(const cfg_obj_t *conf) { + const cfg_obj_t *zonelist = NULL; + const cfg_listelt_t *element; + int n = 0; + + REQUIRE(conf != NULL); + + cfg_map_get(conf, "zone", &zonelist); + for (element = cfg_list_first(zonelist); + element != NULL; + element = cfg_list_next(element)) + n++; + + return (n); +} + +static isc_result_t load_configuration(const char *filename, ns_server_t *server, isc_boolean_t first_time) { - cfg_aclconfctx_t aclconfctx; cfg_obj_t *config = NULL, *bindkeys = NULL; cfg_parser_t *conf_parser = NULL, *bindkeys_parser = NULL; const cfg_listelt_t *element; @@ -4177,8 +4276,9 @@ load_configuration(const char *filename, ns_server_t *server, ns_cachelist_t cachelist, tmpcachelist; unsigned int maxsocks; ns_cache_t *nsc; + struct cfg_context *nzctx; + int num_zones = 0; - cfg_aclconfctx_init(&aclconfctx); ISC_LIST_INIT(viewlist); ISC_LIST_INIT(builtin_viewlist); ISC_LIST_INIT(cachelist); @@ -4187,6 +4287,11 @@ load_configuration(const char *filename, ns_server_t *server, result = isc_task_beginexclusive(server->task); RUNTIME_CHECK(result == ISC_R_SUCCESS); + /* Create the ACL configuration context */ + if (ns_g_aclconfctx != NULL) + cfg_aclconfctx_detach(&ns_g_aclconfctx); + CHECK(cfg_aclconfctx_create(ns_g_mctx, &ns_g_aclconfctx)); + /* * Parse the global default pseudo-config file. */ @@ -4250,7 +4355,7 @@ load_configuration(const char *filename, ns_server_t *server, if (result == ISC_R_SUCCESS) maps[i++] = options; maps[i++] = ns_g_defaults; - maps[i++] = NULL; + maps[i] = NULL; /* * If bind.keys exists, load it. If "dnssec-lookaside auto" @@ -4337,8 +4442,9 @@ load_configuration(const char *filename, ns_server_t *server, else isc_quota_soft(&server->recursionquota, 0); - CHECK(configure_view_acl(NULL, config, "blackhole", NULL, &aclconfctx, - ns_g_mctx, &server->blackholeacl)); + CHECK(configure_view_acl(NULL, config, "blackhole", NULL, + ns_g_aclconfctx, ns_g_mctx, + &server->blackholeacl)); if (server->blackholeacl != NULL) dns_dispatchmgr_setblackhole(ns_g_dispatchmgr, server->blackholeacl); @@ -4348,7 +4454,7 @@ load_configuration(const char *filename, ns_server_t *server, INSIST(result == ISC_R_SUCCESS); server->aclenv.match_mapped = cfg_obj_asboolean(obj); - CHECKM(ns_statschannels_configure(ns_g_server, config, &aclconfctx), + CHECKM(ns_statschannels_configure(ns_g_server, config, ns_g_aclconfctx), "configuring statistics server(s)"); /* @@ -4476,11 +4582,10 @@ load_configuration(const char *filename, ns_server_t *server, if (options != NULL) (void)cfg_map_get(options, "listen-on", &clistenon); if (clistenon != NULL) { - result = ns_listenlist_fromconfig(clistenon, - config, - &aclconfctx, - ns_g_mctx, - &listenon); + /* check return code? */ + (void)ns_listenlist_fromconfig(clistenon, config, + ns_g_aclconfctx, + ns_g_mctx, &listenon); } else if (!ns_g_lwresdonly) { /* * Not specified, use default. @@ -4504,11 +4609,10 @@ load_configuration(const char *filename, ns_server_t *server, if (options != NULL) (void)cfg_map_get(options, "listen-on-v6", &clistenon); if (clistenon != NULL) { - result = ns_listenlist_fromconfig(clistenon, - config, - &aclconfctx, - ns_g_mctx, - &listenon); + /* check return code? */ + (void)ns_listenlist_fromconfig(clistenon, config, + ns_g_aclconfctx, + ns_g_mctx, &listenon); } else if (!ns_g_lwresdonly) { isc_boolean_t enable; /* @@ -4601,25 +4705,87 @@ load_configuration(const char *filename, ns_server_t *server, */ (void)configure_session_key(maps, server, ns_g_mctx); - /* - * Configure and freeze all explicit views. Explicit - * views that have zones were already created at parsing - * time, but views with no zones must be created here. - */ views = NULL; (void)cfg_map_get(config, "view", &views); + + /* + * Create the views and count all the configured zones in + * order to correctly size the zone manager's task table. + * (We only count zones for configured views; the built-in + * "bind" view can be ignored as it only adds a negligible + * number of zones.) + * + * If we're allowing new zones, we need to be able to find the + * new zone file and count those as well. So we setup the new + * zone configuration context, but otherwise view configuration + * waits until after the zone manager's task list has been sized. + */ for (element = cfg_list_first(views); element != NULL; element = cfg_list_next(element)) { cfg_obj_t *vconfig = cfg_listelt_value(element); + const cfg_obj_t *voptions = cfg_tuple_get(vconfig, "options"); view = NULL; CHECK(create_view(vconfig, &viewlist, &view)); INSIST(view != NULL); - CHECK(configure_view(view, conf_parser, config, vconfig, - &cachelist, bindkeys, - ns_g_mctx, &aclconfctx, ISC_TRUE)); + + num_zones += count_zones(voptions); + CHECK(setup_newzones(view, config, vconfig, conf_parser, + ns_g_aclconfctx)); + + nzctx = view->new_zone_config; + if (nzctx != NULL && nzctx->nzconfig != NULL) + num_zones += count_zones(nzctx->nzconfig); + + dns_view_detach(&view); + } + + /* + * If there were no explicit views then we do the default + * view here. + */ + if (views == NULL) { + CHECK(create_view(NULL, &viewlist, &view)); + INSIST(view != NULL); + + num_zones = count_zones(config); + + CHECK(setup_newzones(view, config, NULL, conf_parser, + ns_g_aclconfctx)); + + nzctx = view->new_zone_config; + if (nzctx != NULL && nzctx->nzconfig != NULL) + num_zones += count_zones(nzctx->nzconfig); + + dns_view_detach(&view); + } + + /* + * Zones have been counted; set the zone manager task pool size. + */ + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "sizing zone task pool based on %d zones", num_zones); + CHECK(dns_zonemgr_setsize(ns_g_server->zonemgr, num_zones)); + + /* + * Configure and freeze all explicit views. Explicit + * views that have zones were already created at parsing + * time, but views with no zones must be created here. + */ + for (element = cfg_list_first(views); + element != NULL; + element = cfg_list_next(element)) + { + cfg_obj_t *vconfig = cfg_listelt_value(element); + + view = NULL; + CHECK(find_view(vconfig, &viewlist, &view)); + CHECK(configure_view(view, config, vconfig, + &cachelist, bindkeys, ns_g_mctx, + ns_g_aclconfctx, ISC_TRUE)); dns_view_freeze(view); dns_view_detach(&view); } @@ -4629,16 +4795,11 @@ load_configuration(const char *filename, ns_server_t *server, * were no explicit views. */ if (views == NULL) { - /* - * No explicit views; there ought to be a default view. - * There may already be one created as a side effect - * of zone statements, or we may have to create one. - * In either case, we need to configure and freeze it. - */ - CHECK(create_view(NULL, &viewlist, &view)); - CHECK(configure_view(view, conf_parser, config, NULL, + view = NULL; + CHECK(find_view(NULL, &viewlist, &view)); + CHECK(configure_view(view, config, NULL, &cachelist, bindkeys, - ns_g_mctx, &aclconfctx, ISC_TRUE)); + ns_g_mctx, ns_g_aclconfctx, ISC_TRUE)); dns_view_freeze(view); dns_view_detach(&view); } @@ -4656,9 +4817,9 @@ load_configuration(const char *filename, ns_server_t *server, cfg_obj_t *vconfig = cfg_listelt_value(element); CHECK(create_view(vconfig, &builtin_viewlist, &view)); - CHECK(configure_view(view, conf_parser, config, vconfig, + CHECK(configure_view(view, config, vconfig, &cachelist, bindkeys, - ns_g_mctx, &aclconfctx, ISC_FALSE)); + ns_g_mctx, ns_g_aclconfctx, ISC_FALSE)); dns_view_freeze(view); dns_view_detach(&view); view = NULL; @@ -4699,7 +4860,7 @@ load_configuration(const char *filename, ns_server_t *server, * Bind the control port(s). */ CHECKM(ns_controls_configure(ns_g_server->controls, config, - &aclconfctx), + ns_g_aclconfctx), "binding control channel(s)"); /* @@ -4941,8 +5102,6 @@ load_configuration(const char *filename, ns_server_t *server, if (v6portset != NULL) isc_portset_destroy(ns_g_mctx, &v6portset); - cfg_aclconfctx_clear(&aclconfctx); - if (conf_parser != NULL) { if (config != NULL) cfg_obj_destroy(conf_parser, &config); @@ -5149,6 +5308,9 @@ shutdown_server(isc_task_t *task, isc_event_t *event) { end_reserved_dispatches(server, ISC_TRUE); cleanup_session_key(server, server->mctx); + if (ns_g_aclconfctx != NULL) + cfg_aclconfctx_detach(&ns_g_aclconfctx); + cfg_obj_destroy(ns_g_parser, &ns_g_config); cfg_parser_destroy(&ns_g_parser); @@ -5200,8 +5362,8 @@ shutdown_server(isc_task_t *task, isc_event_t *event) { void ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { isc_result_t result; - ns_server_t *server = isc_mem_get(mctx, sizeof(*server)); + if (server == NULL) fatal("allocating server object", ISC_R_NOMEMORY); @@ -5274,6 +5436,8 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { CHECKFATAL(dns_zonemgr_create(ns_g_mctx, ns_g_taskmgr, ns_g_timermgr, ns_g_socketmgr, &server->zonemgr), "dns_zonemgr_create"); + CHECKFATAL(dns_zonemgr_setsize(server->zonemgr, 1000), + "dns_zonemgr_setsize"); server->statsfile = isc_mem_strdup(server->mctx, "named.stats"); CHECKFATAL(server->statsfile == NULL ? ISC_R_NOMEMORY : ISC_R_SUCCESS, @@ -5383,7 +5547,8 @@ ns_server_destroy(ns_server_t **serverp) { if (server->server_id != NULL) isc_mem_free(server->mctx, server->server_id); - dns_zonemgr_detach(&server->zonemgr); + if (server->zonemgr != NULL) + dns_zonemgr_detach(&server->zonemgr); if (server->tkeyctx != NULL) dns_tkeyctx_destroy(&server->tkeyctx); @@ -5947,7 +6112,6 @@ ns_server_dumpstats(ns_server_t *server) { "could not open statistics dump file", server->statsfile); result = ns_stats_dump(server, fp); - CHECK(result); cleanup: if (fp != NULL) @@ -6135,6 +6299,7 @@ dumpdone(void *arg, isc_result_t result) { fprintf(dctx->fp, "; %s\n", dns_result_totext(result)); result = ISC_R_SUCCESS; + POST(result); goto nextzone; } if (result != ISC_R_SUCCESS) @@ -6260,28 +6425,29 @@ ns_server_dumpsecroots(ns_server_t *server, char *args) { isc_time_formattimestamp(&now, tbuf, sizeof(tbuf)); fprintf(fp, "%s\n", tbuf); - nextview: - for (view = ISC_LIST_HEAD(server->viewlist); - view != NULL; - view = ISC_LIST_NEXT(view, link)) - { - if (ptr != NULL && strcmp(view->name, ptr) != 0) - continue; - if (secroots != NULL) - dns_keytable_detach(&secroots); - result = dns_view_getsecroots(view, &secroots); - if (result == ISC_R_NOTFOUND) { - result = ISC_R_SUCCESS; - continue; + do { + for (view = ISC_LIST_HEAD(server->viewlist); + view != NULL; + view = ISC_LIST_NEXT(view, link)) + { + if (ptr != NULL && strcmp(view->name, ptr) != 0) + continue; + if (secroots != NULL) + dns_keytable_detach(&secroots); + result = dns_view_getsecroots(view, &secroots); + if (result == ISC_R_NOTFOUND) { + result = ISC_R_SUCCESS; + continue; + } + fprintf(fp, "\n Start view %s\n\n", view->name); + result = dns_keytable_dump(secroots, fp); + if (result != ISC_R_SUCCESS) + fprintf(fp, " dumpsecroots failed: %s\n", + isc_result_totext(result)); } - fprintf(fp, "\n Start view %s\n\n", view->name); - CHECK(dns_keytable_dump(secroots, fp)); - } - if (ptr != NULL) { - ptr = next_token(&args, " \t"); if (ptr != NULL) - goto nextview; - } + ptr = next_token(&args, " \t"); + } while (ptr != NULL); cleanup: if (secroots != NULL) @@ -7188,7 +7354,7 @@ ns_server_add_zone(ns_server_t *server, char *args) { /* Mark view unfrozen so that zone can be added */ dns_view_thaw(view); result = configure_zone(cfg->config, parms, vconfig, - server->mctx, view, &cfg->actx, ISC_FALSE); + server->mctx, view, cfg->actx, ISC_FALSE); dns_view_freeze(view); if (result != ISC_R_SUCCESS) { goto cleanup; @@ -7437,23 +7603,27 @@ ns_server_del_zone(ns_server_t *server, char *args) { } static void -cfgctx_destroy(void **cfgp) { +newzone_cfgctx_destroy(void **cfgp) { struct cfg_context *cfg; - isc_mem_t *mctx; REQUIRE(cfgp != NULL && *cfgp != NULL); + cfg = *cfgp; - mctx = cfg->mctx; - cfg->mctx = NULL; + + if (cfg->actx != NULL) + cfg_aclconfctx_detach(&cfg->actx); if (cfg->parser != NULL) { if (cfg->config != NULL) cfg_obj_destroy(cfg->parser, &cfg->config); cfg_parser_destroy(&cfg->parser); } - cfg_aclconfctx_clear(&cfg->actx); + if (cfg->nzparser != NULL) { + if (cfg->nzconfig != NULL) + cfg_obj_destroy(cfg->nzparser, &cfg->nzconfig); + cfg_parser_destroy(&cfg->nzparser); + } - isc_mem_put(mctx, cfg, sizeof(*cfg)); - isc_mem_detach(&mctx); + isc_mem_putanddetach(&cfg->mctx, cfg, sizeof(*cfg)); *cfgp = NULL; } diff --git a/contrib/bind9/bin/named/statschannel.c b/contrib/bind9/bin/named/statschannel.c index 6dce8e0a77c5f..1f726941a004f 100644 --- a/contrib/bind9/bin/named/statschannel.c +++ b/contrib/bind9/bin/named/statschannel.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: statschannel.c,v 1.26 2010-02-04 23:49:13 tbox Exp $ */ +/* $Id: statschannel.c,v 1.26.150.2 2011-03-12 04:59:14 tbox Exp $ */ /*! \file */ @@ -638,7 +638,7 @@ rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) { static void opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) { - FILE *fp = arg; + FILE *fp; isc_buffer_t b; char codebuf[64]; stats_dumparg_t *dumparg = arg; diff --git a/contrib/bind9/bin/named/unix/Makefile.in b/contrib/bind9/bin/named/unix/Makefile.in index ca92c49b5c78d..a7155a0e358af 100644 --- a/contrib/bind9/bin/named/unix/Makefile.in +++ b/contrib/bind9/bin/named/unix/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1999-2001 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.13 2009-12-05 23:31:40 each Exp $ +# $Id: Makefile.in,v 1.13.244.2 2011-03-10 23:47:26 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -22,14 +22,15 @@ top_srcdir = @top_srcdir@ @BIND9_MAKE_INCLUDES@ CINCLUDES = -I${srcdir}/include -I${srcdir}/../include \ + ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} \ ${DNS_INCLUDES} ${ISC_INCLUDES} CDEFINES = CWARNINGS = -OBJS = os.@O@ +OBJS = os.@O@ dlz_dlopen_driver.@O@ -SRCS = os.c +SRCS = os.c dlz_dlopen_driver.c TARGETS = ${OBJS} diff --git a/contrib/bind9/bin/named/unix/dlz_dlopen_driver.c b/contrib/bind9/bin/named/unix/dlz_dlopen_driver.c new file mode 100644 index 0000000000000..35dbcab65c011 --- /dev/null +++ b/contrib/bind9/bin/named/unix/dlz_dlopen_driver.c @@ -0,0 +1,616 @@ +/* + * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: dlz_dlopen_driver.c,v 1.1.4.4 2011-03-17 09:41:06 fdupont Exp $ */ + +#include <config.h> + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <dlfcn.h> + +#include <dns/log.h> +#include <dns/result.h> +#include <dns/dlz_dlopen.h> + +#include <isc/mem.h> +#include <isc/print.h> +#include <isc/result.h> +#include <isc/util.h> + +#include <named/globals.h> + +#include <dlz/dlz_dlopen_driver.h> + +#ifdef ISC_DLZ_DLOPEN +static dns_sdlzimplementation_t *dlz_dlopen = NULL; + + +typedef struct dlopen_data { + isc_mem_t *mctx; + char *dl_path; + char *dlzname; + void *dl_handle; + void *dbdata; + unsigned int flags; + isc_mutex_t lock; + int version; + isc_boolean_t in_configure; + + dlz_dlopen_version_t *dlz_version; + dlz_dlopen_create_t *dlz_create; + dlz_dlopen_findzonedb_t *dlz_findzonedb; + dlz_dlopen_lookup_t *dlz_lookup; + dlz_dlopen_authority_t *dlz_authority; + dlz_dlopen_allnodes_t *dlz_allnodes; + dlz_dlopen_allowzonexfr_t *dlz_allowzonexfr; + dlz_dlopen_newversion_t *dlz_newversion; + dlz_dlopen_closeversion_t *dlz_closeversion; + dlz_dlopen_configure_t *dlz_configure; + dlz_dlopen_ssumatch_t *dlz_ssumatch; + dlz_dlopen_addrdataset_t *dlz_addrdataset; + dlz_dlopen_subrdataset_t *dlz_subrdataset; + dlz_dlopen_delrdataset_t *dlz_delrdataset; + dlz_dlopen_destroy_t *dlz_destroy; +} dlopen_data_t; + +/* Modules can choose whether they are lock-safe or not. */ +#define MAYBE_LOCK(cd) \ + do { \ + if ((cd->flags & DNS_SDLZFLAG_THREADSAFE) == 0 && \ + cd->in_configure == ISC_FALSE) \ + LOCK(&cd->lock); \ + } while (0) + +#define MAYBE_UNLOCK(cd) \ + do { \ + if ((cd->flags & DNS_SDLZFLAG_THREADSAFE) == 0 && \ + cd->in_configure == ISC_FALSE) \ + UNLOCK(&cd->lock); \ + } while (0) + +/* + * Log a message at the given level. + */ +static void dlopen_log(int level, const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + isc_log_vwrite(dns_lctx, DNS_LOGCATEGORY_DATABASE, + DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(level), + fmt, ap); + va_end(ap); +} + +/* + * SDLZ methods + */ + +static isc_result_t +dlopen_dlz_allnodes(const char *zone, void *driverarg, void *dbdata, + dns_sdlzallnodes_t *allnodes) +{ + dlopen_data_t *cd = (dlopen_data_t *) dbdata; + isc_result_t result; + + + UNUSED(driverarg); + + if (cd->dlz_allnodes == NULL) { + return (ISC_R_NOPERM); + } + + MAYBE_LOCK(cd); + result = cd->dlz_allnodes(zone, cd->dbdata, allnodes); + MAYBE_UNLOCK(cd); + return (result); +} + + +static isc_result_t +dlopen_dlz_allowzonexfr(void *driverarg, void *dbdata, const char *name, + const char *client) +{ + dlopen_data_t *cd = (dlopen_data_t *) dbdata; + isc_result_t result; + + UNUSED(driverarg); + + + if (cd->dlz_allowzonexfr == NULL) { + return (ISC_R_NOPERM); + } + + MAYBE_LOCK(cd); + result = cd->dlz_allowzonexfr(cd->dbdata, name, client); + MAYBE_UNLOCK(cd); + return (result); +} + +static isc_result_t +dlopen_dlz_authority(const char *zone, void *driverarg, void *dbdata, + dns_sdlzlookup_t *lookup) +{ + dlopen_data_t *cd = (dlopen_data_t *) dbdata; + isc_result_t result; + + UNUSED(driverarg); + + if (cd->dlz_authority == NULL) { + return (ISC_R_NOTIMPLEMENTED); + } + + MAYBE_LOCK(cd); + result = cd->dlz_authority(zone, cd->dbdata, lookup); + MAYBE_UNLOCK(cd); + return (result); +} + +static isc_result_t +dlopen_dlz_findzonedb(void *driverarg, void *dbdata, const char *name) +{ + dlopen_data_t *cd = (dlopen_data_t *) dbdata; + isc_result_t result; + + UNUSED(driverarg); + + MAYBE_LOCK(cd); + result = cd->dlz_findzonedb(cd->dbdata, name); + MAYBE_UNLOCK(cd); + return (result); +} + + +static isc_result_t +dlopen_dlz_lookup(const char *zone, const char *name, void *driverarg, + void *dbdata, dns_sdlzlookup_t *lookup) +{ + dlopen_data_t *cd = (dlopen_data_t *) dbdata; + isc_result_t result; + + UNUSED(driverarg); + + MAYBE_LOCK(cd); + result = cd->dlz_lookup(zone, name, cd->dbdata, lookup); + MAYBE_UNLOCK(cd); + return (result); +} + +/* + * Load a symbol from the library + */ +static void * +dl_load_symbol(dlopen_data_t *cd, const char *symbol, isc_boolean_t mandatory) { + void *ptr = dlsym(cd->dl_handle, symbol); + if (ptr == NULL && mandatory) { + dlopen_log(ISC_LOG_ERROR, + "dlz_dlopen: library '%s' is missing " + "required symbol '%s'", cd->dl_path, symbol); + } + return (ptr); +} + +/* + * Called at startup for each dlopen zone in named.conf + */ +static isc_result_t +dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], + void *driverarg, void **dbdata) +{ + dlopen_data_t *cd; + isc_mem_t *mctx = NULL; + isc_result_t result = ISC_R_FAILURE; + int dlopen_flags = 0; + + UNUSED(driverarg); + + if (argc < 2) { + dlopen_log(ISC_LOG_ERROR, + "dlz_dlopen driver for '%s' needs a path to " + "the shared library", dlzname); + return (ISC_R_FAILURE); + } + + isc_mem_create(0, 0, &mctx); + + cd = isc_mem_get(mctx, sizeof(*cd)); + if (cd == NULL) { + isc_mem_destroy(&mctx); + return (ISC_R_NOMEMORY); + } + memset(cd, 0, sizeof(*cd)); + + cd->mctx = mctx; + + cd->dl_path = isc_mem_strdup(cd->mctx, argv[1]); + if (cd->dl_path == NULL) { + goto failed; + } + + cd->dlzname = isc_mem_strdup(cd->mctx, dlzname); + if (cd->dlzname == NULL) { + goto failed; + } + + /* Initialize the lock */ + isc_mutex_init(&cd->lock); + + /* Open the library */ + dlopen_flags = RTLD_NOW; + +#ifdef RTLD_DEEPBIND + /* + * If RTLD_DEEPBIND is available then use it. This can avoid + * issues with a module using a different version of a system + * library than one that bind9 uses. For example, bind9 may link + * to MIT kerberos, but the module may use Heimdal. If we don't + * use RTLD_DEEPBIND then we could end up with Heimdal functions + * calling MIT functions, which leads to bizarre results (usually + * a segfault). + */ + dlopen_flags |= RTLD_DEEPBIND; +#endif + + cd->dl_handle = dlopen(cd->dl_path, dlopen_flags); + if (cd->dl_handle == NULL) { + dlopen_log(ISC_LOG_ERROR, + "dlz_dlopen failed to open library '%s' - %s", + cd->dl_path, dlerror()); + goto failed; + } + + /* Find the symbols */ + cd->dlz_version = (dlz_dlopen_version_t *) + dl_load_symbol(cd, "dlz_version", ISC_TRUE); + cd->dlz_create = (dlz_dlopen_create_t *) + dl_load_symbol(cd, "dlz_create", ISC_TRUE); + cd->dlz_lookup = (dlz_dlopen_lookup_t *) + dl_load_symbol(cd, "dlz_lookup", ISC_TRUE); + cd->dlz_findzonedb = (dlz_dlopen_findzonedb_t *) + dl_load_symbol(cd, "dlz_findzonedb", ISC_TRUE); + + if (cd->dlz_create == NULL || + cd->dlz_lookup == NULL || + cd->dlz_findzonedb == NULL) + { + /* We're missing a required symbol */ + goto failed; + } + + cd->dlz_allowzonexfr = (dlz_dlopen_allowzonexfr_t *) + dl_load_symbol(cd, "dlz_allowzonexfr", ISC_FALSE); + cd->dlz_allnodes = (dlz_dlopen_allnodes_t *) + dl_load_symbol(cd, "dlz_allnodes", + ISC_TF(cd->dlz_allowzonexfr != NULL)); + cd->dlz_authority = (dlz_dlopen_authority_t *) + dl_load_symbol(cd, "dlz_authority", ISC_FALSE); + cd->dlz_newversion = (dlz_dlopen_newversion_t *) + dl_load_symbol(cd, "dlz_newversion", ISC_FALSE); + cd->dlz_closeversion = (dlz_dlopen_closeversion_t *) + dl_load_symbol(cd, "dlz_closeversion", + ISC_TF(cd->dlz_newversion != NULL)); + cd->dlz_configure = (dlz_dlopen_configure_t *) + dl_load_symbol(cd, "dlz_configure", ISC_FALSE); + cd->dlz_ssumatch = (dlz_dlopen_ssumatch_t *) + dl_load_symbol(cd, "dlz_ssumatch", ISC_FALSE); + cd->dlz_addrdataset = (dlz_dlopen_addrdataset_t *) + dl_load_symbol(cd, "dlz_addrdataset", ISC_FALSE); + cd->dlz_subrdataset = (dlz_dlopen_subrdataset_t *) + dl_load_symbol(cd, "dlz_subrdataset", ISC_FALSE); + cd->dlz_delrdataset = (dlz_dlopen_delrdataset_t *) + dl_load_symbol(cd, "dlz_delrdataset", ISC_FALSE); + + /* Check the version of the API is the same */ + cd->version = cd->dlz_version(&cd->flags); + if (cd->version != DLZ_DLOPEN_VERSION) { + dlopen_log(ISC_LOG_ERROR, + "dlz_dlopen: incorrect version %d " + "should be %d in '%s'", + cd->version, DLZ_DLOPEN_VERSION, cd->dl_path); + goto failed; + } + + /* + * Call the library's create function. Note that this is an + * extended version of dlz create, with the addition of + * named function pointers for helper functions that the + * driver will need. This avoids the need for the backend to + * link the BIND9 libraries + */ + MAYBE_LOCK(cd); + result = cd->dlz_create(dlzname, argc-1, argv+1, + &cd->dbdata, + "log", dlopen_log, + "putrr", dns_sdlz_putrr, + "putnamedrr", dns_sdlz_putnamedrr, + "writeable_zone", dns_dlz_writeablezone, + NULL); + MAYBE_UNLOCK(cd); + if (result != ISC_R_SUCCESS) + goto failed; + + *dbdata = cd; + + return (ISC_R_SUCCESS); + +failed: + dlopen_log(ISC_LOG_ERROR, "dlz_dlopen of '%s' failed", dlzname); + if (cd->dl_path) + isc_mem_free(mctx, cd->dl_path); + if (cd->dlzname) + isc_mem_free(mctx, cd->dlzname); + if (dlopen_flags) + (void) isc_mutex_destroy(&cd->lock); +#ifdef HAVE_DLCLOSE + if (cd->dl_handle) + dlclose(cd->dl_handle); +#endif + isc_mem_put(mctx, cd, sizeof(*cd)); + isc_mem_destroy(&mctx); + return (result); +} + + +/* + * Called when bind is shutting down + */ +static void +dlopen_dlz_destroy(void *driverarg, void *dbdata) { + dlopen_data_t *cd = (dlopen_data_t *) dbdata; + isc_mem_t *mctx; + + UNUSED(driverarg); + + if (cd->dlz_destroy) { + MAYBE_LOCK(cd); + cd->dlz_destroy(cd->dbdata); + MAYBE_UNLOCK(cd); + } + + if (cd->dl_path) + isc_mem_free(cd->mctx, cd->dl_path); + if (cd->dlzname) + isc_mem_free(cd->mctx, cd->dlzname); + +#ifdef HAVE_DLCLOSE + if (cd->dl_handle) + dlclose(cd->dl_handle); +#endif + + (void) isc_mutex_destroy(&cd->lock); + + mctx = cd->mctx; + isc_mem_put(mctx, cd, sizeof(*cd)); + isc_mem_destroy(&mctx); +} + +/* + * Called to start a transaction + */ +static isc_result_t +dlopen_dlz_newversion(const char *zone, void *driverarg, void *dbdata, + void **versionp) +{ + dlopen_data_t *cd = (dlopen_data_t *) dbdata; + isc_result_t result; + + UNUSED(driverarg); + + if (cd->dlz_newversion == NULL) + return (ISC_R_NOTIMPLEMENTED); + + MAYBE_LOCK(cd); + result = cd->dlz_newversion(zone, cd->dbdata, versionp); + MAYBE_UNLOCK(cd); + return (result); +} + +/* + * Called to end a transaction + */ +static void +dlopen_dlz_closeversion(const char *zone, isc_boolean_t commit, + void *driverarg, void *dbdata, void **versionp) +{ + dlopen_data_t *cd = (dlopen_data_t *) dbdata; + + UNUSED(driverarg); + + if (cd->dlz_newversion == NULL) { + *versionp = NULL; + return; + } + + MAYBE_LOCK(cd); + cd->dlz_closeversion(zone, commit, cd->dbdata, versionp); + MAYBE_UNLOCK(cd); +} + +/* + * Called on startup to configure any writeable zones + */ +static isc_result_t +dlopen_dlz_configure(dns_view_t *view, void *driverarg, void *dbdata) { + dlopen_data_t *cd = (dlopen_data_t *) dbdata; + isc_result_t result; + + UNUSED(driverarg); + + if (cd->dlz_configure == NULL) + return (ISC_R_SUCCESS); + + MAYBE_LOCK(cd); + cd->in_configure = ISC_TRUE; + result = cd->dlz_configure(view, cd->dbdata); + cd->in_configure = ISC_FALSE; + MAYBE_UNLOCK(cd); + + return (result); +} + + +/* + * Check for authority to change a name + */ +static isc_boolean_t +dlopen_dlz_ssumatch(const char *signer, const char *name, const char *tcpaddr, + const char *type, const char *key, isc_uint32_t keydatalen, + unsigned char *keydata, void *driverarg, void *dbdata) +{ + dlopen_data_t *cd = (dlopen_data_t *) dbdata; + isc_boolean_t ret; + + UNUSED(driverarg); + + if (cd->dlz_ssumatch == NULL) + return (ISC_FALSE); + + MAYBE_LOCK(cd); + ret = cd->dlz_ssumatch(signer, name, tcpaddr, type, key, keydatalen, + keydata, cd->dbdata); + MAYBE_UNLOCK(cd); + + return (ret); +} + + +/* + * Add an rdataset + */ +static isc_result_t +dlopen_dlz_addrdataset(const char *name, const char *rdatastr, + void *driverarg, void *dbdata, void *version) +{ + dlopen_data_t *cd = (dlopen_data_t *) dbdata; + isc_result_t result; + + UNUSED(driverarg); + + if (cd->dlz_addrdataset == NULL) + return (ISC_R_NOTIMPLEMENTED); + + MAYBE_LOCK(cd); + result = cd->dlz_addrdataset(name, rdatastr, cd->dbdata, version); + MAYBE_UNLOCK(cd); + + return (result); +} + +/* + * Subtract an rdataset + */ +static isc_result_t +dlopen_dlz_subrdataset(const char *name, const char *rdatastr, + void *driverarg, void *dbdata, void *version) +{ + dlopen_data_t *cd = (dlopen_data_t *) dbdata; + isc_result_t result; + + UNUSED(driverarg); + + if (cd->dlz_subrdataset == NULL) + return (ISC_R_NOTIMPLEMENTED); + + MAYBE_LOCK(cd); + result = cd->dlz_subrdataset(name, rdatastr, cd->dbdata, version); + MAYBE_UNLOCK(cd); + + return (result); +} + +/* + delete a rdataset + */ +static isc_result_t +dlopen_dlz_delrdataset(const char *name, const char *type, + void *driverarg, void *dbdata, void *version) +{ + dlopen_data_t *cd = (dlopen_data_t *) dbdata; + isc_result_t result; + + UNUSED(driverarg); + + if (cd->dlz_delrdataset == NULL) + return (ISC_R_NOTIMPLEMENTED); + + MAYBE_LOCK(cd); + result = cd->dlz_delrdataset(name, type, cd->dbdata, version); + MAYBE_UNLOCK(cd); + + return (result); +} + + +static dns_sdlzmethods_t dlz_dlopen_methods = { + dlopen_dlz_create, + dlopen_dlz_destroy, + dlopen_dlz_findzonedb, + dlopen_dlz_lookup, + dlopen_dlz_authority, + dlopen_dlz_allnodes, + dlopen_dlz_allowzonexfr, + dlopen_dlz_newversion, + dlopen_dlz_closeversion, + dlopen_dlz_configure, + dlopen_dlz_ssumatch, + dlopen_dlz_addrdataset, + dlopen_dlz_subrdataset, + dlopen_dlz_delrdataset +}; +#endif + +/* + * Register driver with BIND + */ +isc_result_t +dlz_dlopen_init(isc_mem_t *mctx) { +#ifndef ISC_DLZ_DLOPEN + UNUSED(mctx); + return (ISC_R_NOTIMPLEMENTED); +#else + isc_result_t result; + + dlopen_log(2, "Registering DLZ_dlopen driver"); + + result = dns_sdlzregister("dlopen", &dlz_dlopen_methods, NULL, + DNS_SDLZFLAG_RELATIVEOWNER | + DNS_SDLZFLAG_THREADSAFE, + mctx, &dlz_dlopen); + + if (result != ISC_R_SUCCESS) { + UNEXPECTED_ERROR(__FILE__, __LINE__, + "dns_sdlzregister() failed: %s", + isc_result_totext(result)); + result = ISC_R_UNEXPECTED; + } + + return (result); +#endif +} + + +/* + * Unregister the driver + */ +void +dlz_dlopen_clear(void) { +#ifdef ISC_DLZ_DLOPEN + dlopen_log(2, "Unregistering DLZ_dlopen driver"); + if (dlz_dlopen != NULL) + dns_sdlzunregister(&dlz_dlopen); +#endif +} diff --git a/contrib/bind9/bin/named/unix/os.c b/contrib/bind9/bin/named/unix/os.c index 53e9e4501249a..5fd6547386005 100644 --- a/contrib/bind9/bin/named/unix/os.c +++ b/contrib/bind9/bin/named/unix/os.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.c,v 1.104 2010-11-17 23:47:08 tbox Exp $ */ +/* $Id: os.c,v 1.104.38.3 2011-03-02 00:04:01 marka Exp $ */ /*! \file */ @@ -790,6 +790,9 @@ ns_os_openfile(const char *filename, mode_t mode, isc_boolean_t switch_user) { free(f); if (switch_user && runas_pw != NULL) { +#ifndef HAVE_LINUXTHREADS + gid_t oldgid = getgid(); +#endif /* Set UID/GID to the one we'll be running with eventually */ setperms(runas_pw->pw_uid, runas_pw->pw_gid); @@ -797,7 +800,7 @@ ns_os_openfile(const char *filename, mode_t mode, isc_boolean_t switch_user) { #ifndef HAVE_LINUXTHREADS /* Restore UID/GID to root */ - setperms(0, 0); + setperms(0, oldgid); #endif /* HAVE_LINUXTHREADS */ if (fd == -1) { @@ -950,7 +953,7 @@ ns_os_shutdownmsg(char *command, isc_buffer_t *text) { isc_buffer_availablelength(text), "pid: %ld", (long)pid); /* Only send a message if it is complete. */ - if (n < isc_buffer_availablelength(text)) + if (n > 0 && n < isc_buffer_availablelength(text)) isc_buffer_add(text, n); } diff --git a/contrib/bind9/bin/named/update.c b/contrib/bind9/bin/named/update.c index eb1ed1d64ef9c..c99db5f8c46cd 100644 --- a/contrib/bind9/bin/named/update.c +++ b/contrib/bind9/bin/named/update.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.186.16.1.2.1 2011-06-02 23:47:28 tbox Exp $ */ +/* $Id: update.c,v 1.186.16.5 2011-03-25 23:53:52 each Exp $ */ #include <config.h> @@ -1692,7 +1692,7 @@ next_active(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, { isc_result_t result; dns_dbiterator_t *dbit = NULL; - isc_boolean_t has_nsec; + isc_boolean_t has_nsec = ISC_FALSE; unsigned int wraps = 0; isc_boolean_t secure = dns_db_issecure(db); @@ -2395,7 +2395,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, name, diff)); } CHECK(add_exposed_sigs(client, zone, db, newver, name, - cut, diff, zone_keys, nkeys, + cut, &sig_diff, zone_keys, nkeys, inception, expire, check_ksk, keyset_kskonly)); } @@ -2554,7 +2554,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, privatetype, &nsec_diff)); } else { CHECK(add_exposed_sigs(client, zone, db, newver, name, - cut, diff, zone_keys, nkeys, + cut, &sig_diff, zone_keys, nkeys, inception, expire, check_ksk, keyset_kskonly)); CHECK(dns_nsec3_addnsec3sx(db, newver, name, nsecttl, @@ -3734,7 +3734,6 @@ update_action(isc_task_t *task, isc_event_t *event) { * Check Requestor's Permissions. It seems a bit silly to do this * only after prerequisite testing, but that is what RFC2136 says. */ - result = ISC_R_SUCCESS; if (ssutable == NULL) CHECK(checkupdateacl(client, dns_zone_getupdateacl(zone), "update", zonename, ISC_FALSE, ISC_FALSE)); diff --git a/contrib/bind9/bin/named/xfrout.c b/contrib/bind9/bin/named/xfrout.c index b036ed14d57f5..83c64f27954e7 100644 --- a/contrib/bind9/bin/named/xfrout.c +++ b/contrib/bind9/bin/named/xfrout.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrout.c,v 1.139 2010-12-18 01:56:19 each Exp $ */ +/* $Id: xfrout.c,v 1.139.16.3 2011-07-28 04:30:54 marka Exp $ */ #include <config.h> @@ -28,9 +28,7 @@ #include <dns/db.h> #include <dns/dbiterator.h> -#ifdef DLZ #include <dns/dlz.h> -#endif #include <dns/fixedname.h> #include <dns/journal.h> #include <dns/message.h> @@ -752,9 +750,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { char msg[NS_CLIENT_ACLMSGSIZE("zone transfer")]; char keyname[DNS_NAME_FORMATSIZE]; isc_boolean_t is_poll = ISC_FALSE; -#ifdef DLZ isc_boolean_t is_dlz = ISC_FALSE; -#endif switch (reqtype) { case dns_rdatatype_axfr: @@ -806,9 +802,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { result = dns_zt_find(client->view->zonetable, question_name, 0, NULL, &zone); - if (result != ISC_R_SUCCESS) -#ifdef DLZ - { + if (result != ISC_R_SUCCESS) { /* * Normal zone table does not have a match. * Try the DLZ database @@ -836,10 +830,8 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { goto failure; } if (result != ISC_R_SUCCESS) -#endif - FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", - question_name, question_class); -#ifdef DLZ + FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", + question_name, question_class); is_dlz = ISC_TRUE; /* * DLZ only support full zone transfer, not incremental @@ -859,7 +851,6 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { } } else { /* zone table has a match */ -#endif switch(dns_zone_gettype(zone)) { case dns_zone_master: case dns_zone_slave: @@ -870,9 +861,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { } CHECK(dns_zone_getdb(zone, &db)); dns_db_currentversion(db, &ver); -#ifdef DLZ } -#endif xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(6), "%s question section OK", mnemonic); @@ -926,22 +915,15 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { "%s authority section OK", mnemonic); /* - * Decide whether to allow this transfer. - */ -#ifdef DLZ - /* - * if not a DLZ zone decide whether to allow this transfer. + * If not a DLZ zone, decide whether to allow this transfer. */ if (!is_dlz) { -#endif ns_client_aclmsg("zone transfer", question_name, reqtype, client->view->rdclass, msg, sizeof(msg)); CHECK(ns_client_checkacl(client, NULL, msg, dns_zone_getxfracl(zone), ISC_TRUE, ISC_LOG_ERROR)); -#ifdef DLZ } -#endif /* * AXFR over UDP is not possible. @@ -965,10 +947,9 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { /* * Get a dynamically allocated copy of the current SOA. */ -#ifdef DLZ if (is_dlz) dns_db_currentversion(db, &ver); -#endif + CHECK(dns_db_createsoatuple(db, ver, mctx, DNS_DIFFOP_EXISTS, ¤t_soa_tuple)); @@ -1054,7 +1035,6 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { -#ifdef DLZ if (is_dlz) CHECK(xfrout_ctx_create(mctx, client, request->id, question_name, reqtype, question_class, @@ -1067,7 +1047,6 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { ISC_TRUE : ISC_FALSE, &xfr)); else -#endif CHECK(xfrout_ctx_create(mctx, client, request->id, question_name, reqtype, question_class, zone, db, ver, quota, stream, @@ -1085,9 +1064,9 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) { CHECK(xfr->stream->methods->first(xfr->stream)); - if (xfr->tsigkey != NULL) { + if (xfr->tsigkey != NULL) dns_name_format(&xfr->tsigkey->name, keyname, sizeof(keyname)); - } else + else keyname[0] = '\0'; if (is_poll) xfrout_log1(client, question_name, question_class, @@ -1157,7 +1136,8 @@ xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client, unsigned int id, xfr = isc_mem_get(mctx, sizeof(*xfr)); if (xfr == NULL) return (ISC_R_NOMEMORY); - xfr->mctx = mctx; + xfr->mctx = NULL; + isc_mem_attach(mctx, &xfr->mctx); xfr->client = NULL; ns_client_attach(client, &xfr->client); xfr->id = id; @@ -1531,6 +1511,7 @@ sendstream(xfrout_ctx_t *xfr) { static void xfrout_ctx_destroy(xfrout_ctx_t **xfrp) { xfrout_ctx_t *xfr = *xfrp; + ns_client_t *client = NULL; INSIST(xfr->sends == 0); @@ -1554,9 +1535,14 @@ xfrout_ctx_destroy(xfrout_ctx_t **xfrp) { if (xfr->db != NULL) dns_db_detach(&xfr->db); + /* + * We want to detch the client after we have released the memory + * context as ns_client_detach checks the memory reference count. + */ + ns_client_attach(xfr->client, &client); ns_client_detach(&xfr->client); - - isc_mem_put(xfr->mctx, xfr, sizeof(*xfr)); + isc_mem_putanddetach(&xfr->mctx, xfr, sizeof(*xfr)); + ns_client_detach(&client); *xfrp = NULL; } diff --git a/contrib/bind9/bin/named/zoneconf.c b/contrib/bind9/bin/named/zoneconf.c index eb93f1bbe45b4..a3e713b4e94d8 100644 --- a/contrib/bind9/bin/named/zoneconf.c +++ b/contrib/bind9/bin/named/zoneconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zoneconf.c,v 1.170 2011-01-06 23:47:00 tbox Exp $ */ +/* $Id: zoneconf.c,v 1.170.14.4 2011-05-23 20:56:10 each Exp $ */ /*% */ @@ -127,7 +127,7 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig, /* First check to see if ACL is defined within the zone */ if (zconfig != NULL) { maps[0] = cfg_tuple_get(zconfig, "options"); - ns_config_get(maps, aclname, &aclobj); + (void)ns_config_get(maps, aclname, &aclobj); if (aclobj != NULL) { aclp = NULL; goto parse_acl; @@ -155,7 +155,7 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig, maps[i++] = ns_g_defaults; maps[i] = NULL; - result = ns_config_get(maps, aclname, &aclobj); + (void)ns_config_get(maps, aclname, &aclobj); if (aclobj == NULL) { (*clearzacl)(zone); return (ISC_R_SUCCESS); @@ -605,7 +605,8 @@ configure_staticstub(const cfg_obj_t *zconfig, dns_zone_t *zone, /* Prepare zone RRs from the configuration */ obj = NULL; result = cfg_map_get(zconfig, "server-addresses", &obj); - if (obj != NULL) { + if (result == ISC_R_SUCCESS) { + INSIST(obj != NULL); result = configure_staticstub_serveraddrs(obj, zone, &rdatalist_ns, &rdatalist_a, @@ -616,7 +617,8 @@ configure_staticstub(const cfg_obj_t *zconfig, dns_zone_t *zone, obj = NULL; result = cfg_map_get(zconfig, "server-names", &obj); - if (obj != NULL) { + if (result == ISC_R_SUCCESS) { + INSIST(obj != NULL); result = configure_staticstub_servernames(obj, zone, &rdatalist_ns, zname); @@ -714,7 +716,7 @@ zonetype_fromconfig(const cfg_obj_t *map) { isc_result_t result; result = cfg_map_get(map, "type", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); return (ns_config_getzonetype(obj)); } @@ -778,7 +780,7 @@ checknames(dns_zonetype_t ztype, const cfg_obj_t **maps, INSIST(0); } result = ns_checknames_get(maps, zone, objp); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && objp != NULL && *objp != NULL); } isc_result_t @@ -832,7 +834,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, maps[i++] = options; } maps[i++] = ns_g_defaults; - maps[i++] = NULL; + maps[i] = NULL; if (vconfig != NULL) RETERR(ns_config_getclass(cfg_tuple_get(vconfig, "class"), @@ -934,7 +936,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "dialup", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); if (cfg_obj_isboolean(obj)) { if (cfg_obj_asboolean(obj)) dialup = dns_dialuptype_yes; @@ -957,7 +959,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "zone-statistics", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); zonestats_on = cfg_obj_asboolean(obj); zoneqrystats = NULL; if (zonestats_on) { @@ -976,7 +978,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, if (ztype != dns_zone_stub && ztype != dns_zone_staticstub) { obj = NULL; result = ns_config_get(maps, "notify", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); if (cfg_obj_isboolean(obj)) { if (cfg_obj_asboolean(obj)) notifytype = dns_notifytype_yes; @@ -1012,19 +1014,19 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "notify-source", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); RETERR(dns_zone_setnotifysrc4(zone, cfg_obj_assockaddr(obj))); ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj)); obj = NULL; result = ns_config_get(maps, "notify-source-v6", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); RETERR(dns_zone_setnotifysrc6(zone, cfg_obj_assockaddr(obj))); ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj)); obj = NULL; result = ns_config_get(maps, "notify-to-soa", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setoption(zone, DNS_ZONEOPT_NOTIFYTOSOA, cfg_obj_asboolean(obj)); @@ -1037,17 +1039,17 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "max-transfer-time-out", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setmaxxfrout(zone, cfg_obj_asuint32(obj) * 60); obj = NULL; result = ns_config_get(maps, "max-transfer-idle-out", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setidleout(zone, cfg_obj_asuint32(obj) * 60); obj = NULL; result = ns_config_get(maps, "max-journal-size", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setjournalsize(zone, -1); if (cfg_obj_isstring(obj)) { const char *str = cfg_obj_asstring(obj); @@ -1071,13 +1073,13 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "ixfr-from-differences", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); if (cfg_obj_isboolean(obj)) ixfrdiff = cfg_obj_asboolean(obj); - else if (strcasecmp(cfg_obj_asstring(obj), "master") && + else if (!strcasecmp(cfg_obj_asstring(obj), "master") && ztype == dns_zone_master) ixfrdiff = ISC_TRUE; - else if (strcasecmp(cfg_obj_asstring(obj), "slave") && + else if (!strcasecmp(cfg_obj_asstring(obj), "slave") && ztype == dns_zone_slave) ixfrdiff = ISC_TRUE; else @@ -1100,23 +1102,23 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "notify-delay", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setnotifydelay(zone, cfg_obj_asuint32(obj)); obj = NULL; result = ns_config_get(maps, "check-sibling", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSIBLING, cfg_obj_asboolean(obj)); obj = NULL; result = ns_config_get(maps, "zero-no-soa-ttl", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setzeronosoattl(zone, cfg_obj_asboolean(obj)); obj = NULL; result = ns_config_get(maps, "nsec3-test-zone", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setoption(zone, DNS_ZONEOPT_NSEC3TESTZONE, cfg_obj_asboolean(obj)); } @@ -1145,7 +1147,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "sig-validity-interval", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); { const cfg_obj_t *validity, *resign; @@ -1176,28 +1178,28 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "sig-signing-signatures", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setsignatures(zone, cfg_obj_asuint32(obj)); obj = NULL; result = ns_config_get(maps, "sig-signing-nodes", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setnodes(zone, cfg_obj_asuint32(obj)); obj = NULL; result = ns_config_get(maps, "sig-signing-type", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setprivatetype(zone, cfg_obj_asuint32(obj)); obj = NULL; result = ns_config_get(maps, "update-check-ksk", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setoption(zone, DNS_ZONEOPT_UPDATECHECKKSK, cfg_obj_asboolean(obj)); obj = NULL; result = ns_config_get(maps, "dnssec-dnskey-kskonly", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setoption(zone, DNS_ZONEOPT_DNSKEYKSKONLY, cfg_obj_asboolean(obj)); } else if (ztype == dns_zone_slave) { @@ -1212,7 +1214,6 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, */ if (ztype == dns_zone_master) { isc_boolean_t allow = ISC_FALSE, maint = ISC_FALSE; - isc_boolean_t create = ISC_FALSE; obj = NULL; result = ns_config_get(maps, "check-wildcard", &obj); @@ -1224,7 +1225,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "check-dup-records", &obj); - INSIST(obj != NULL); + INSIST(result == ISC_R_SUCCESS && obj != NULL); if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { fail = ISC_FALSE; check = ISC_TRUE; @@ -1239,7 +1240,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "check-mx", &obj); - INSIST(obj != NULL); + INSIST(result == ISC_R_SUCCESS && obj != NULL); if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { fail = ISC_FALSE; check = ISC_TRUE; @@ -1254,13 +1255,13 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "check-integrity", &obj); - INSIST(obj != NULL); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setoption(zone, DNS_ZONEOPT_CHECKINTEGRITY, cfg_obj_asboolean(obj)); obj = NULL; result = ns_config_get(maps, "check-mx-cname", &obj); - INSIST(obj != NULL); + INSIST(result == ISC_R_SUCCESS && obj != NULL); if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { warn = ISC_TRUE; ignore = ISC_FALSE; @@ -1275,7 +1276,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "check-srv-cname", &obj); - INSIST(obj != NULL); + INSIST(result == ISC_R_SUCCESS && obj != NULL); if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { warn = ISC_TRUE; ignore = ISC_FALSE; @@ -1290,7 +1291,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "dnssec-secure-to-insecure", &obj); - INSIST(obj != NULL); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setoption(zone, DNS_ZONEOPT_SECURETOINSECURE, cfg_obj_asboolean(obj)); @@ -1302,15 +1303,12 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, allow = ISC_TRUE; else if (strcasecmp(arg, "maintain") == 0) allow = maint = ISC_TRUE; - else if (strcasecmp(arg, "create") == 0) - allow = maint = create = ISC_TRUE; else if (strcasecmp(arg, "off") == 0) ; else INSIST(0); dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, allow); dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, maint); - dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, create); } } @@ -1322,7 +1320,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, case dns_zone_stub: count = 0; obj = NULL; - result = cfg_map_get(zoptions, "masters", &obj); + (void)cfg_map_get(zoptions, "masters", &obj); if (obj != NULL) { addrs = NULL; keynames = NULL; @@ -1341,61 +1339,61 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, if (count > 1) { obj = NULL; result = ns_config_get(maps, "multi-master", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); multi = cfg_obj_asboolean(obj); } dns_zone_setoption(zone, DNS_ZONEOPT_MULTIMASTER, multi); obj = NULL; result = ns_config_get(maps, "max-transfer-time-in", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setmaxxfrin(zone, cfg_obj_asuint32(obj) * 60); obj = NULL; result = ns_config_get(maps, "max-transfer-idle-in", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setidlein(zone, cfg_obj_asuint32(obj) * 60); obj = NULL; result = ns_config_get(maps, "max-refresh-time", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setmaxrefreshtime(zone, cfg_obj_asuint32(obj)); obj = NULL; result = ns_config_get(maps, "min-refresh-time", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setminrefreshtime(zone, cfg_obj_asuint32(obj)); obj = NULL; result = ns_config_get(maps, "max-retry-time", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setmaxretrytime(zone, cfg_obj_asuint32(obj)); obj = NULL; result = ns_config_get(maps, "min-retry-time", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setminretrytime(zone, cfg_obj_asuint32(obj)); obj = NULL; result = ns_config_get(maps, "transfer-source", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); RETERR(dns_zone_setxfrsource4(zone, cfg_obj_assockaddr(obj))); ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj)); obj = NULL; result = ns_config_get(maps, "transfer-source-v6", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); RETERR(dns_zone_setxfrsource6(zone, cfg_obj_assockaddr(obj))); ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj)); obj = NULL; result = ns_config_get(maps, "alt-transfer-source", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); RETERR(dns_zone_setaltxfrsource4(zone, cfg_obj_assockaddr(obj))); obj = NULL; result = ns_config_get(maps, "alt-transfer-source-v6", &obj); - INSIST(result == ISC_R_SUCCESS); + INSIST(result == ISC_R_SUCCESS && obj != NULL); RETERR(dns_zone_setaltxfrsource6(zone, cfg_obj_assockaddr(obj))); obj = NULL; @@ -1433,7 +1431,6 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, } -#ifdef DLZ /* * Set up a DLZ zone as writeable */ @@ -1455,7 +1452,6 @@ ns_zone_configure_writeable_dlz(dns_dlzdb_t *dlzdatabase, dns_zone_t *zone, dns_db_detach(&db); return result; } -#endif isc_boolean_t ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig) { |