| author | Doug Barton <dougb@FreeBSD.org> | 2011-08-02 05:18:50 +0000 |
|---|---|---|
| committer | Doug Barton <dougb@FreeBSD.org> | 2011-08-02 05:18:50 +0000 |
| commit | 0842d663b7cfb84b478ec937fc1dbc640ceae92b (patch) | |
| tree | 4385ddab756952a705f233916d0536e76fe9cc58 /lib/dns | |
| parent | 6a50a75ead6b2f11f0321914c033e8c8670cbb60 (diff) | |
Diffstat (limited to 'lib/dns')
39 files changed, 623 insertions, 318 deletions
diff --git a/lib/dns/Makefile.in b/lib/dns/Makefile.in index dfb8d7f61b5c..fe05b988d5fe 100644 --- a/lib/dns/Makefile.in +++ b/lib/dns/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004-2008, 2010 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2008, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2003 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.163.50.2 2010-06-09 23:48:16 tbox Exp $ +# $Id: Makefile.in,v 1.163.50.4 2011-02-28 01:18:43 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -99,9 +99,10 @@ DNSSRCS = acache.c acl.c adb.c byaddr.c \ version.c view.c xfrin.c zone.c zonekey.c zt.c ${OTHERSRCS} SRCS = ${DSTSRCS} ${DNSSRCS} -SUBDIRS = include +SUBDIRS = include TARGETS = include/dns/enumtype.h include/dns/enumclass.h \ include/dns/rdatastruct.h timestamp +TESTDIRS = @UNITTESTS@ DEPENDEXTRA = ./gen -F include/dns/rdatastruct.h \ -s ${srcdir} -d >> Makefile ; diff --git a/lib/dns/adb.c b/lib/dns/adb.c index cd9cadf9412e..4dd11aee5e6e 100644 --- a/lib/dns/adb.c +++ b/lib/dns/adb.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: adb.c,v 1.243.42.6 2010-08-11 23:45:49 tbox Exp $ */ +/* $Id: adb.c,v 1.243.42.10 2011-03-13 03:42:09 marka Exp $ */ /*! \file * 
@@ -594,6 +594,8 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset, if (rdataset->trust == dns_trust_glue || rdataset->trust == dns_trust_additional) rdataset->ttl = ADB_CACHE_MINIMUM; + else if (rdataset->trust == dns_trust_ultimate) + rdataset->ttl = 0; else rdataset->ttl = ttlclamp(rdataset->ttl); @@ -1853,7 +1855,6 @@ check_expire_name(dns_adbname_t **namep, isc_stdtime_t now) { static void check_stale_name(dns_adb_t *adb, int bucket, isc_stdtime_t now) { int victims, max_victims; - isc_boolean_t result; dns_adbname_t *victim, *next_victim; isc_boolean_t overmem = isc_mem_isovermem(adb->mctx); int scans = 0; @@ -1875,7 +1876,7 @@ check_stale_name(dns_adb_t *adb, int bucket, isc_stdtime_t now) { INSIST(!NAME_DEAD(victim)); scans++; next_victim = ISC_LIST_PREV(victim, plink); - result = check_expire_name(&victim, now); + (void)check_expire_name(&victim, now); if (victim == NULL) { victims++; goto next; @@ -2299,6 +2300,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, REQUIRE((options & DNS_ADBFIND_ADDRESSMASK) != 0); result = ISC_R_UNEXPECTED; + POST(result); wanted_addresses = (options & DNS_ADBFIND_ADDRESSMASK); wanted_fetches = 0; query_pending = 0; @@ -2350,6 +2352,7 @@ dns_adb_createfind(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, */ bucket = DNS_ADB_INVALIDBUCKET; adbname = find_name_and_lock(adb, name, find->options, &bucket); + INSIST(bucket != DNS_ADB_INVALIDBUCKET); if (adb->name_sd[bucket]) { DP(DEF_LEVEL, "dns_adb_createfind: returning ISC_R_SHUTTINGDOWN"); @@ -2704,6 +2707,7 @@ dns_adb_cancelfind(dns_adbfind_t *find) { } UNLOCK(&adb->namelocks[unlock_bucket]); bucket = DNS_ADB_INVALIDBUCKET; + POST(bucket); cleanup: 
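Review bot: The new `dns_trust_ultimate` branch in import_rdataset() sets `rdataset->ttl = 0` without a comment, while the neighbouring branches use ADB_CACHE_MINIMUM and ttlclamp(). What a zero TTL means to the ADB is decided by code outside this hunk, so the intent should be stated at the branch. I would add a comment above it along the lines of `/* ultimate trust: locally served data, do not keep it in the ADB */`, with the wording confirmed by the author because the rationale is inferred, not visible here.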
@@ -3472,6 +3476,7 @@ dns_adb_findaddrinfo(dns_adb_t *adb, isc_sockaddr_t *sa, result = ISC_R_SUCCESS; bucket = DNS_ADB_INVALIDBUCKET; entry = find_entry_and_lock(adb, sa, &bucket, now); + INSIST(bucket != DNS_ADB_INVALIDBUCKET); if (adb->entry_sd[bucket]) { result = ISC_R_SHUTTINGDOWN; goto unlock; diff --git a/lib/dns/cache.c b/lib/dns/cache.c index 28ead664f9e7..5ecbc26c0b5b 100644 --- a/lib/dns/cache.c +++ b/lib/dns/cache.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cache.c,v 1.80.50.3 2009-05-06 23:34:30 jinmei Exp $ */ +/* $Id: cache.c,v 1.80.50.5 2011-03-03 23:46:01 tbox Exp $ */ /*! \file */ @@ -40,6 +40,8 @@ #include <dns/rdatasetiter.h> #include <dns/result.h> +#include "rbtdb.h" + #define CACHE_MAGIC ISC_MAGIC('$', '$', '$', '$') #define VALID_CACHE(cache) ISC_MAGIC_VALID(cache, CACHE_MAGIC) @@ -121,7 +123,8 @@ struct dns_cache { unsigned int magic; isc_mutex_t lock; isc_mutex_t filelock; - isc_mem_t *mctx; + isc_mem_t *mctx; /* Main cache memory */ + isc_mem_t *hmctx; /* Heap memory */ /* Locked by 'lock'. */ int references; 
@@ -166,26 +169,51 @@ cache_create_db(dns_cache_t *cache, dns_db_t **db) { } isc_result_t -dns_cache_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, +dns_cache_create(isc_mem_t *cmctx, isc_taskmgr_t *taskmgr, isc_timermgr_t *timermgr, dns_rdataclass_t rdclass, const char *db_type, unsigned int db_argc, char **db_argv, dns_cache_t **cachep) { + return (dns_cache_create3(cmctx, cmctx, taskmgr, timermgr, rdclass, + NULL, db_type, db_argc, db_argv, cachep)); +} + +isc_result_t +dns_cache_create2(isc_mem_t *cmctx, isc_taskmgr_t *taskmgr, + isc_timermgr_t *timermgr, dns_rdataclass_t rdclass, + const char *cachename, const char *db_type, + unsigned int db_argc, char **db_argv, dns_cache_t **cachep) +{ + return (dns_cache_create3(cmctx, cmctx, taskmgr, timermgr, rdclass, + cachename, db_type, db_argc, db_argv, + cachep)); +} + +isc_result_t +dns_cache_create3(isc_mem_t *cmctx, isc_mem_t *hmctx, isc_taskmgr_t *taskmgr, + isc_timermgr_t *timermgr, dns_rdataclass_t rdclass, + const char *cachename, const char *db_type, + unsigned int db_argc, char **db_argv, dns_cache_t **cachep) +{ isc_result_t result; dns_cache_t *cache; - int i; + int i, extra = 0; isc_task_t *dbtask; REQUIRE(cachep != NULL); REQUIRE(*cachep == NULL); - REQUIRE(mctx != NULL); + REQUIRE(cmctx != NULL); + REQUIRE(hmctx != NULL); + + UNUSED(cachename); - cache = isc_mem_get(mctx, sizeof(*cache)); + cache = isc_mem_get(cmctx, sizeof(*cache)); if (cache == NULL) return (ISC_R_NOMEMORY); - cache->mctx = NULL; - isc_mem_attach(mctx, &cache->mctx); + cache->mctx = cache->hmctx = NULL; + isc_mem_attach(cmctx, &cache->mctx); + isc_mem_attach(hmctx, &cache->hmctx); result = isc_mutex_init(&cache->lock); if (result != ISC_R_SUCCESS) 
@@ -199,26 +227,38 @@ dns_cache_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, cache->live_tasks = 0; cache->rdclass = rdclass; - cache->db_type = isc_mem_strdup(mctx, db_type); + cache->db_type = isc_mem_strdup(cmctx, db_type); if (cache->db_type == NULL) { result = ISC_R_NOMEMORY; goto cleanup_filelock; } - cache->db_argc = db_argc; - if (cache->db_argc == 0) - cache->db_argv = NULL; - else { - cache->db_argv = isc_mem_get(mctx, + /* + * For databases of type "rbt" we pass hmctx to dns_db_create() + * via cache->db_argv, followed by the rest of the arguments in + * db_argv (of which there really shouldn't be any). + */ + if (strcmp(cache->db_type, "rbt") == 0) + extra = 1; + + cache->db_argc = db_argc + extra; + cache->db_argv = NULL; + + if (cache->db_argc != 0) { + cache->db_argv = isc_mem_get(cmctx, cache->db_argc * sizeof(char *)); if (cache->db_argv == NULL) { result = ISC_R_NOMEMORY; goto cleanup_dbtype; } + for (i = 0; i < cache->db_argc; i++) cache->db_argv[i] = NULL; - for (i = 0; i < cache->db_argc; i++) { - cache->db_argv[i] = isc_mem_strdup(mctx, db_argv[i]); + + cache->db_argv[0] = (char *) hmctx; + for (i = extra; i < cache->db_argc; i++) { + cache->db_argv[i] = isc_mem_strdup(cmctx, + db_argv[i - extra]); if (cache->db_argv[i] == NULL) { result = ISC_R_NOMEMORY; goto cleanup_dbargv; @@ -226,6 +266,9 @@ dns_cache_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, } } + /* + * Create the database + */ cache->db = NULL; result = cache_create_db(cache, &cache->db); if (result != ISC_R_SUCCESS) 
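Review bot: `cache->db_argv[0] = (char *) hmctx;` runs whenever db_argc is non-zero, including the non-"rbt" case where `extra` is 0. There the store is undone only because the following loop starts at index 0 and overwrites the slot. Guarding it as `if (extra != 0) cache->db_argv[0] = (char *) hmctx;` removes that reliance on statement order. Slot 0 then holds a memory-context pointer typed as `char *`, so anything that treats db_argv as strings (logging, a different backend registered under the same type name) would read the context object as text. The rule that slot 0 is borrowed and must not be freed is re-derived from `strcmp(cache->db_type, "rbt")` in the cleanup path and again in cache_free() (the `@@ -313,7 +355,14 @@` hunk). A comment on the `db_argv` member stating this would keep the three places in step. The function body continues outside this hunk.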
@@ -262,27 +305,26 @@ dns_cache_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, cleanup_db: dns_db_detach(&cache->db); cleanup_dbargv: - for (i = 0; i < cache->db_argc; i++) + for (i = extra; i < cache->db_argc; i++) if (cache->db_argv[i] != NULL) - isc_mem_free(mctx, cache->db_argv[i]); + isc_mem_free(cmctx, cache->db_argv[i]); if (cache->db_argv != NULL) - isc_mem_put(mctx, cache->db_argv, + isc_mem_put(cmctx, cache->db_argv, cache->db_argc * sizeof(char *)); cleanup_dbtype: - isc_mem_free(mctx, cache->db_type); + isc_mem_free(cmctx, cache->db_type); cleanup_filelock: DESTROYLOCK(&cache->filelock); cleanup_lock: DESTROYLOCK(&cache->lock); cleanup_mem: - isc_mem_put(mctx, cache, sizeof(*cache)); - isc_mem_detach(&mctx); + isc_mem_detach(&cache->hmctx); + isc_mem_putanddetach(&cache->mctx, cache, sizeof(*cache)); return (result); } static void cache_free(dns_cache_t *cache) { - isc_mem_t *mctx; int i; REQUIRE(VALID_CACHE(cache)); @@ -313,7 +355,14 @@ cache_free(dns_cache_t *cache) { dns_db_detach(&cache->db); if (cache->db_argv != NULL) { - for (i = 0; i < cache->db_argc; i++) + /* + * We don't free db_argv[0] in "rbt" cache databases + * as it's a pointer to hmctx + */ + int extra = 0; + if (strcmp(cache->db_type, "rbt") == 0) + extra = 1; + for (i = extra; i < cache->db_argc; i++) if (cache->db_argv[i] != NULL) isc_mem_free(cache->mctx, cache->db_argv[i]); isc_mem_put(cache->mctx, cache->db_argv, @@ -325,10 +374,10 @@ cache_free(dns_cache_t *cache) { DESTROYLOCK(&cache->lock); DESTROYLOCK(&cache->filelock); + cache->magic = 0; - mctx = cache->mctx; - isc_mem_put(cache->mctx, cache, sizeof(*cache)); - isc_mem_detach(&mctx); + isc_mem_detach(&cache->hmctx); + isc_mem_putanddetach(&cache->mctx, cache, sizeof(*cache)); } diff --git a/lib/dns/diff.c b/lib/dns/diff.c index a92a4967919c..37194490d4ff 100644 --- a/lib/dns/diff.c +++ b/lib/dns/diff.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: diff.c,v 1.18.50.2 2009-01-05 23:47:22 tbox Exp $ */ +/* $Id: diff.c,v 1.18.50.5 2011-03-26 00:47:02 each Exp $ */ /*! \file */ @@ -264,7 +264,6 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver, dns_rdataset_t rds; dns_rdataset_t ardataset; dns_rdataset_t *modified = NULL; - isc_boolean_t offline; op = t->op; type = t->rdata.type; @@ -301,7 +300,6 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver, CHECK(dns_db_findnsec3node(db, name, ISC_TRUE, &node)); - offline = ISC_FALSE; while (t != NULL && dns_name_equal(&t->name, name) && t->op == op && @@ -323,8 +321,6 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver, namebuf, typebuf, classbuf, (unsigned long) t->ttl, (unsigned long) rdl.ttl); - if (t->rdata.flags & DNS_RDATA_OFFLINE) - offline = ISC_TRUE; ISC_LIST_APPEND(rdl.rdata, &t->rdata, link); t = ISC_LIST_NEXT(t, link); } @@ -377,6 +373,15 @@ diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver, diff->resign); dns_db_setsigningtime(db, modified, resign); + if (diff->resign == 0 && + (op == DNS_DIFFOP_ADDRESIGN || + op == DNS_DIFFOP_DELRESIGN)) + isc_log_write( + DIFF_COMMON_LOGARGS, + ISC_LOG_WARNING, + "resign requested " + "with 0 resign " + "interval"); } } else if (result == DNS_R_UNCHANGED) { /* @@ -515,7 +520,6 @@ dns_diff_sort(dns_diff_t *diff, dns_diff_compare_func *compare) { v = isc_mem_get(diff->mctx, length * sizeof(dns_difftuple_t *)); if (v == NULL) return (ISC_R_NOMEMORY); - i = 0; for (i = 0; i < length; i++) { p = ISC_LIST_HEAD(diff->tuples); v[i] = p; 
diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index 632d349577ac..9c236a28629e 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.155.12.11 2009-12-02 23:26:28 marka Exp $ */ +/* $Id: dispatch.c,v 1.155.12.14 2011-04-06 10:34:27 marka Exp $ */ /*! \file */ @@ -881,6 +881,12 @@ get_dispsocket(dns_dispatch_t *disp, isc_sockaddr_t *dest, } portentry->refs++; break; + } else if (result == ISC_R_NOPERM) { + char buf[ISC_SOCKADDR_FORMATSIZE]; + isc_sockaddr_format(&localaddr, buf, sizeof(buf)); + dispatch_log(disp, ISC_LOG_WARNING, + "open_socket(%s) -> %s: continuing", + buf, isc_result_totext(result)); } else if (result != ISC_R_ADDRINUSE) break; } @@ -1255,7 +1261,6 @@ udp_recv(isc_event_t *ev_in, dns_dispatch_t *disp, dispsocket_t *dispsock) { * Look at flags. If query, drop it. If response, * look to see where it goes. */ - queue_response = ISC_FALSE; if ((flags & DNS_MESSAGEFLAG_QR) == 0) { /* query */ free_buffer(disp, ev->region.base, ev->region.length); @@ -1514,7 +1519,6 @@ tcp_recv(isc_task_t *task, isc_event_t *ev_in) { * Look at flags. If query, drop it. If response, * look to see where it goes. */ - queue_response = ISC_FALSE; if ((flags & DNS_MESSAGEFLAG_QR) == 0) { /* * Query. @@ -2316,9 +2320,9 @@ qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets, qid->sock_table = isc_mem_get(mgr->mctx, buckets * sizeof(dispsocketlist_t)); if (qid->sock_table == NULL) { - isc_mem_put(mgr->mctx, qid, sizeof(*qid)); isc_mem_put(mgr->mctx, qid->qid_table, buckets * sizeof(dns_displist_t)); + isc_mem_put(mgr->mctx, qid, sizeof(*qid)); return (ISC_R_NOMEMORY); } } 
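Review bot: The added `ISC_R_NOPERM` branch in get_dispsocket() logs at ISC_LOG_WARNING on every pass of the enclosing retry loop and then continues, and the loop bound is outside this hunk. If the process is denied a large part of the port range, a single outgoing query could emit many warnings, and sustained query load would fill the log with them. I would either log once per call after the loop, or demote the per-attempt message, e.g. `dispatch_log(disp, ISC_LOG_INFO, ...)`, and keep one warning for the case where no port could be opened at all.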
@@ -2926,7 +2930,6 @@ dns_dispatch_detach(dns_dispatch_t **dispp) { INSIST(disp->refcount > 0); disp->refcount--; - killit = ISC_FALSE; if (disp->refcount == 0) { if (disp->recv_pending > 0) isc_socket_cancel(disp->socket, disp->task[0], @@ -3199,7 +3202,6 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp, disp->requests--; INSIST(disp->refcount > 0); disp->refcount--; - killit = ISC_FALSE; if (disp->refcount == 0) { if (disp->recv_pending > 0) isc_socket_cancel(disp->socket, disp->task[0], diff --git a/lib/dns/dst_openssl.h b/lib/dns/dst_openssl.h index a095d45ee936..51d7e071eb7c 100644 --- a/lib/dns/dst_openssl.h +++ b/lib/dns/dst_openssl.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dst_openssl.h,v 1.7 2008-04-01 23:47:10 tbox Exp $ */ +/* $Id: dst_openssl.h,v 1.7.120.2 2011-03-12 04:57:26 tbox Exp $ */ #ifndef DST_OPENSSL_H #define DST_OPENSSL_H 1 @@ -23,13 +23,28 @@ #include <isc/lang.h> #include <isc/result.h> +#include <openssl/err.h> +#include <openssl/rand.h> +#include <openssl/evp.h> +#include <openssl/conf.h> +#include <openssl/crypto.h> + +#if !defined(OPENSSL_NO_ENGINE) && defined(CRYPTO_LOCK_ENGINE) && \ + (OPENSSL_VERSION_NUMBER >= 0x0090707f) +#define USE_ENGINE 1 +#endif + ISC_LANG_BEGINDECLS isc_result_t dst__openssl_toresult(isc_result_t fallback); +#ifdef USE_ENGINE ENGINE * -dst__openssl_getengine(const char *name); +dst__openssl_getengine(const char *engine); +#else +#define dst__openssl_getengine(x) NULL +#endif isc_result_t dst__openssl_setdefault(const char *name); diff --git a/lib/dns/gssapi_link.c b/lib/dns/gssapi_link.c index a7af67f62688..4f88c62713a8 100644 --- a/lib/dns/gssapi_link.c 
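Review bot: Moving `USE_ENGINE` into dst_openssl.h means any translation unit that tests it before including this header silently builds without engine support. The opensslrsa_link.c hunk in this commit adds exactly such a test (`#ifdef USE_ENGINE` around `<openssl/engine.h>`), and whether dst_openssl.h is included above it is not visible in the diff. A comment next to the definition would make the ordering requirement explicit: `/* USE_ENGINE is defined here; include this header before any #ifdef USE_ENGINE. */`. Separately, the fallback macro would be safer parenthesised as `#define dst__openssl_getengine(x) (NULL)`, and the prototype's parameter is now `engine` while the definition in openssl_link.c still names it `name`.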
+++ b/lib/dns/gssapi_link.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -16,7 +16,7 @@ */ /* - * $Id: gssapi_link.c,v 1.12 2008-11-11 03:55:01 marka Exp $ + * $Id: gssapi_link.c,v 1.12.12.2 2011-03-28 23:45:57 tbox Exp $ */ #include <config.h> @@ -174,7 +174,7 @@ gssapi_sign(dst_context_t *dctx, isc_buffer_t *sig) { * allocated space. */ isc_buffer_putmem(sig, gsig.value, gsig.length); - if (gsig.length != 0) + if (gsig.length != 0U) gss_release_buffer(&minor, &gsig); return (ISC_R_SUCCESS); diff --git a/lib/dns/gssapictx.c b/lib/dns/gssapictx.c index f365a64a44c6..01f4586feb9e 100644 --- a/lib/dns/gssapictx.c +++ b/lib/dns/gssapictx.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: gssapictx.c,v 1.12.118.5 2010-12-22 02:37:55 marka Exp $ */ +/* $Id: gssapictx.c,v 1.12.118.8 2011-04-07 23:07:37 marka Exp $ */ #include <config.h> @@ -177,7 +177,7 @@ log_cred(const gss_cred_id_t cred) { } if (gret == GSS_S_COMPLETE) { - if (gbuffer.length != 0) { + if (gbuffer.length != 0U) { gret = gss_release_buffer(&minor, &gbuffer); if (gret != GSS_S_COMPLETE) gss_log(3, "failed gss_release_buffer: %s", 
@@ -574,7 +574,7 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken, /* * RFC 2744 states the a valid output token has a non-zero length. */ - if (gouttoken.length != 0) { + if (gouttoken.length != 0U) { GBUFFER_TO_REGION(gouttoken, r); RETERR(isc_buffer_copyregion(outtoken, &r)); (void)gss_release_buffer(&minor, &gouttoken); @@ -617,8 +617,6 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, REQUIRE(outtoken != NULL && *outtoken == NULL); - log_cred(cred); - REGION_TO_GBUFFER(*intoken, gintoken); if (*ctxout == NULL) @@ -626,6 +624,8 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, else context = *ctxout; + log_cred(cred); + gret = gss_accept_sec_context(&minor, &context, cred, &gintoken, GSS_C_NO_CHANNEL_BINDINGS, &gname, NULL, &gouttoken, NULL, NULL, NULL); @@ -658,7 +658,7 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, return (result); } - if (gouttoken.length > 0) { + if (gouttoken.length > 0U) { RETERR(isc_buffer_allocate(mctx, outtoken, gouttoken.length)); GBUFFER_TO_REGION(gouttoken, r); RETERR(isc_buffer_copyregion(*outtoken, &r)); @@ -680,7 +680,7 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, * case, since principal names really should not * contain null characters. */ - if (gnamebuf.length > 0 && + if (gnamebuf.length > 0U && ((char *)gnamebuf.value)[gnamebuf.length - 1] == '\0') gnamebuf.length--; @@ -694,7 +694,7 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, RETERR(dns_name_fromtext(principal, &namebuf, dns_rootname, ISC_FALSE, NULL)); - if (gnamebuf.length != 0) { + if (gnamebuf.length != 0U) { gret = gss_release_buffer(&minor, &gnamebuf); if (gret != GSS_S_COMPLETE) gss_log(3, "failed gss_release_buffer: %s", 
@@ -774,9 +774,9 @@ gss_error_tostring(isc_uint32_t major, isc_uint32_t minor, snprintf(buf, buflen, "GSSAPI error: Major = %s, Minor = %s.", (char *)msg_major.value, (char *)msg_minor.value); - if (msg_major.length != 0) + if (msg_major.length != 0U) (void)gss_release_buffer(&minor_stat, &msg_major); - if (msg_minor.length != 0) + if (msg_minor.length != 0U) (void)gss_release_buffer(&minor_stat, &msg_minor); return(buf); #else diff --git a/lib/dns/include/dns/cache.h b/lib/dns/include/dns/cache.h index 94077d6b0695..92683cc68ee8 100644 --- a/lib/dns/include/dns/cache.h +++ b/lib/dns/include/dns/cache.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: cache.h,v 1.26 2007-06-19 23:47:16 tbox Exp $ */ +/* $Id: cache.h,v 1.26.332.2 2011-03-03 23:46:01 tbox Exp $ */ #ifndef DNS_CACHE_H #define DNS_CACHE_H 1 
@@ -61,16 +61,37 @@ ISC_LANG_BEGINDECLS ***/ isc_result_t -dns_cache_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, +dns_cache_create(isc_mem_t *cmctx, isc_taskmgr_t *taskmgr, isc_timermgr_t *timermgr, dns_rdataclass_t rdclass, const char *db_type, unsigned int db_argc, char **db_argv, dns_cache_t **cachep); +isc_result_t +dns_cache_create2(isc_mem_t *cmctx, isc_taskmgr_t *taskmgr, + isc_timermgr_t *timermgr, dns_rdataclass_t rdclass, + const char *cachename, const char *db_type, + unsigned int db_argc, char **db_argv, dns_cache_t **cachep); +isc_result_t +dns_cache_create3(isc_mem_t *cmctx, isc_mem_t *hmctx, isc_taskmgr_t *taskmgr, + isc_timermgr_t *timermgr, dns_rdataclass_t rdclass, + const char *cachename, const char *db_type, + unsigned int db_argc, char **db_argv, dns_cache_t **cachep); /*%< * Create a new DNS cache. * + * dns_cache_create2() is used in BIND 9.7 and up but is not implemented + * here. + * + * dns_cache_create3() will create a cache using two separate memory + * contexts, one for cache data which can be cleaned and a separate one for + * memory allocated for the heap (which can grow without an upper limit and + * has no mechanism for shrinking). + * + * dns_cache_create() is a backward compatible version that internally + * specifies an empty cache name and a single memory context. + * * Requires: * - *\li 'mctx' is a valid memory context + *\li 'cmctx' (and 'hmctx' if applicable) is a valid memory context. * *\li 'taskmgr' is a valid task manager and 'timermgr' is a valid timer * manager, or both are NULL. If NULL, no periodic cleaning of the diff --git a/lib/dns/include/dns/masterdump.h b/lib/dns/include/dns/masterdump.h index 96a198df8982..d83dd33a58fe 100644 --- a/lib/dns/include/dns/masterdump.h +++ b/lib/dns/include/dns/masterdump.h 
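Review bot: The new comment says dns_cache_create2() "is not implemented here", but cache.c in this same commit defines it as a wrapper around dns_cache_create3() that passes cmctx for both contexts and ignores the name. I would reword it to `dns_cache_create2() is provided for source compatibility with BIND 9.7 and up; 'cachename' is ignored.` The Requires entry also reads "'hmctx' if applicable", while dns_cache_create3() has an unconditional `REQUIRE(hmctx != NULL)`. The text should say that hmctx must be a valid memory context for dns_cache_create3().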
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.h,v 1.42.602.2 2011-06-02 23:46:22 tbox Exp $ */ +/* $Id: masterdump.h,v 1.42.50.2 2011-05-28 00:01:51 tbox Exp $ */ #ifndef DNS_MASTERDUMP_H #define DNS_MASTERDUMP_H 1 diff --git a/lib/dns/include/dns/rdataset.h b/lib/dns/include/dns/rdataset.h index a8c3e9c7cd9b..26c989b3545e 100644 --- a/lib/dns/include/dns/rdataset.h +++ b/lib/dns/include/dns/rdataset.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataset.h,v 1.65.50.4.6.3 2011-06-21 20:13:23 each Exp $ */ +/* $Id: rdataset.h,v 1.65.50.7 2011-06-09 00:16:37 each Exp $ */ #ifndef DNS_RDATASET_H #define DNS_RDATASET_H 1 @@ -653,7 +653,7 @@ dns_rdataset_expire(dns_rdataset_t *rdataset); const char * dns_trust_totext(dns_trust_t trust); -/*%< +/* * Display trust in textual form. */ diff --git a/lib/dns/journal.c b/lib/dns/journal.c index 520083e5c1ae..3bedc0c07a54 100644 --- a/lib/dns/journal.c +++ b/lib/dns/journal.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: journal.c,v 1.103.48.8 2010-11-17 23:45:45 tbox Exp $ */ +/* $Id: journal.c,v 1.103.48.10 2011-03-12 04:57:26 tbox Exp $ */ #include <config.h> @@ -163,7 +163,7 @@ dns_db_createsoatuple(dns_db_t *db, dns_dbversion_t *ver, isc_mem_t *mctx, dns_rdataset_disassociate(&rdataset); dns_db_detachnode(db, &node); - return (ISC_R_SUCCESS); + return (result); freenode: dns_db_detachnode(db, &node); @@ -2172,6 +2172,7 @@ dns_journal_compact(isc_mem_t *mctx, char *filename, isc_uint32_t serial, CHECK(journal_fsync(new)); indexend = new->header.end.offset; + POST(indexend); } /* 
diff --git a/lib/dns/master.c b/lib/dns/master.c index 9c6d3b8560ed..f307f6c4e19a 100644 --- a/lib/dns/master.c +++ b/lib/dns/master.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: master.c,v 1.171.120.2 2009-01-18 23:47:40 tbox Exp $ */ +/* $Id: master.c,v 1.171.120.4 2011-03-12 04:57:26 tbox Exp $ */ /*! \file */ @@ -1162,9 +1162,10 @@ load_text(dns_loadctx_t *lctx) { goto insist_and_cleanup; } ictx = lctx->inc; - line = isc_lex_getsourceline(lctx->lex); source = isc_lex_getsourcename(lctx->lex); + line = isc_lex_getsourceline(lctx->lex); + POST(line); continue; } /* @@ -1373,8 +1374,9 @@ load_text(dns_loadctx_t *lctx) { goto insist_and_cleanup; } ictx = lctx->inc; - line = isc_lex_getsourceline(lctx->lex); source = isc_lex_getsourcename(lctx->lex); + line = isc_lex_getsourceline(lctx->lex); + POST(line); continue; } @@ -2078,6 +2080,7 @@ load_raw(dns_loadctx_t *lctx) { /* Empty read: currently, we do not use dumptime */ dumptime = isc_buffer_getuint32(&target); + POST(dumptime); lctx->first = ISC_FALSE; } @@ -2250,7 +2253,6 @@ load_raw(dns_loadctx_t *lctx) { isc_buffer_forward(&target, consumed_name); rdcount -= i; - i = 0; goto continue_read; } @@ -2634,7 +2636,6 @@ grow_rdatalist(int new_len, dns_rdatalist_t *old, int old_len, return (NULL); ISC_LIST_INIT(save); - this = ISC_LIST_HEAD(*current); while ((this = ISC_LIST_HEAD(*current)) != NULL) { ISC_LIST_UNLINK(*current, this, link); ISC_LIST_APPEND(save, this, link); 
@@ -2647,7 +2648,6 @@ grow_rdatalist(int new_len, dns_rdatalist_t *old, int old_len, } ISC_LIST_INIT(save); - this = ISC_LIST_HEAD(*glue); while ((this = ISC_LIST_HEAD(*glue)) != NULL) { ISC_LIST_UNLINK(*glue, this, link); ISC_LIST_APPEND(save, this, link); diff --git a/lib/dns/masterdump.c b/lib/dns/masterdump.c index d6befb5d5c98..c7e13049fecb 100644 --- a/lib/dns/masterdump.c +++ b/lib/dns/masterdump.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.c,v 1.94.50.3.18.3 2011-06-21 20:13:22 each Exp $ */ +/* $Id: masterdump.c,v 1.94.50.10 2011-06-09 00:16:34 each Exp $ */ /*! \file */ @@ -809,9 +809,8 @@ dump_rdatasets_text(isc_mem_t *mctx, dns_name_t *name, for (i = 0; i < n; i++) { dns_rdataset_t *rds = sorted[i]; - if (ctx->style.flags & DNS_STYLEFLAG_TRUST) { + if (ctx->style.flags & DNS_STYLEFLAG_TRUST) fprintf(f, "; %s\n", dns_trust_totext(rds->trust)); - } if (((rds->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) && (ctx->style.flags & DNS_STYLEFLAG_NCACHE) == 0) { /* Omit negative cache entries */ @@ -985,6 +984,8 @@ dump_rdatasets_raw(isc_mem_t *mctx, dns_name_t *name, buffer, f); } dns_rdataset_disassociate(&rdataset); + if (result != ISC_R_SUCCESS) + return (result); } if (result == ISC_R_NOMORE) 
@@ -1294,23 +1295,24 @@ dumptostreaminc(dns_dumpctx_t *dctx) { isc_buffer_region(&buffer, &r); isc_buffer_putuint32(&buffer, dns_masterformat_raw); isc_buffer_putuint32(&buffer, DNS_RAWFORMAT_VERSION); - if (sizeof(now32) != sizeof(dctx->now)) { - /* - * We assume isc_stdtime_t is a 32-bit integer, - * which should be the case on most cases. - * If it turns out to be uncommon, we'll need - * to bump the version number and revise the - * header format. - */ - isc_log_write(dns_lctx, - ISC_LOGCATEGORY_GENERAL, - DNS_LOGMODULE_MASTERDUMP, - ISC_LOG_INFO, - "dumping master file in raw " - "format: stdtime is not 32bits"); - now32 = 0; - } else - now32 = dctx->now; +#if !defined(STDTIME_ON_32BITS) || (STDTIME_ON_32BITS + 0) != 1 + /* + * We assume isc_stdtime_t is a 32-bit integer, + * which should be the case on most cases. + * If it turns out to be uncommon, we'll need + * to bump the version number and revise the + * header format. + */ + isc_log_write(dns_lctx, + ISC_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTERDUMP, + ISC_LOG_INFO, + "dumping master file in raw " + "format: stdtime is not 32bits"); + now32 = 0; +#else + now32 = dctx->now; +#endif isc_buffer_putuint32(&buffer, now32); INSIST(isc_buffer_usedlength(&buffer) <= sizeof(rawheader)); @@ -1680,6 +1682,14 @@ dns_master_dumpnode(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *version, result = dns_master_dumpnodetostream(mctx, db, version, node, name, style, f); + if (result != ISC_R_SUCCESS) { + isc_log_write(dns_lctx, ISC_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTERDUMP, ISC_LOG_ERROR, + "dumping master file: %s: dump: %s", filename, + isc_result_totext(result)); + (void)isc_stdio_close(f); + return (ISC_R_UNEXPECTED); + } result = isc_stdio_close(f); if (result != ISC_R_SUCCESS) { diff --git a/lib/dns/message.c b/lib/dns/message.c index 20237416ab51..d9b8bb6fa556 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c 
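Review bot: Replacing the runtime `sizeof(now32) != sizeof(dctx->now)` test in dumptostreaminc() with `#if !defined(STDTIME_ON_32BITS) || (STDTIME_ON_32BITS + 0) != 1` makes the raw-header timestamp depend on a build macro that this hunk neither defines nor documents. In any build where the macro is missing, `now32 = 0` is written and the INFO message is logged on every dump, even if isc_stdtime_t is in fact 32 bits. The removed sizeof test could not disagree with the type. A comment at the `#if` naming where the macro is set, e.g. `/* STDTIME_ON_32BITS is set by the build configuration (location: to be filled in) when isc_stdtime_t is 32 bits */`, would make the dependency visible.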
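Review bot: The new failure path in dns_master_dumpnode() returns `ISC_R_UNEXPECTED` rather than the code from dns_master_dumpnodetostream(), so the caller cannot tell an out-of-memory or I/O failure from anything else. The specific reason survives only in the log line. Unless the surrounding function deliberately collapses errors (its other return paths are outside this hunk), I would return the original value with `return (result);` after the close. The branch also closes the stream without removing or truncating the output, so a partially written file appears to be left at `filename`. How the file was opened is not visible here, so that needs checking against the start of the function.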
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: message.c,v 1.245.50.7.6.3 2011-06-21 20:13:22 each Exp $ */ +/* $Id: message.c,v 1.245.50.10 2011-06-09 00:16:34 each Exp $ */ /*! \file */ @@ -1194,7 +1194,6 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, skip_name_search = ISC_FALSE; skip_type_search = ISC_FALSE; - free_name = ISC_FALSE; free_rdataset = ISC_FALSE; name = isc_mempool_get(msg->namepool); @@ -2883,6 +2882,7 @@ dns_message_signer(dns_message_t *msg, dns_name_t *signer) { dns_rdataset_current(msg->tsig, &rdata); result = dns_rdata_tostruct(&rdata, &tsig, NULL); + INSIST(result == ISC_R_SUCCESS); if (msg->tsigstatus != dns_rcode_noerror) result = DNS_R_TSIGVERIFYFAILURE; else if (tsig.error != dns_rcode_noerror) diff --git a/lib/dns/name.c b/lib/dns/name.c index 80864b8b9160..f2c78905a274 100644 --- a/lib/dns/name.c +++ b/lib/dns/name.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: name.c,v 1.165.120.3 2010-07-09 05:15:05 each Exp $ */ +/* $Id: name.c,v 1.165.120.5 2011-03-12 04:57:27 tbox Exp $ */ /*! \file */ @@ -1024,12 +1024,13 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source, dns_name_t *origin, unsigned int options, isc_buffer_t *target) { - unsigned char *ndata, *label; + unsigned char *ndata, *label = NULL; char *tdata; char c; ft_state state; - unsigned int value, count; - unsigned int n1, n2, tlen, nrem, nused, digits, labels, tused; + unsigned int value = 0, count = 0; + unsigned int n1 = 0, n2 = 0; + unsigned int tlen, nrem, nused, digits = 0, labels, tused; isc_boolean_t done; unsigned char *offsets; dns_offsets_t odata; 
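Review bot: `INSIST(result == ISC_R_SUCCESS);` after dns_rdata_tostruct() in dns_message_signer() turns a conversion failure on `msg->tsig` into a process abort. If that rdata originates from a received message and the conversion can fail for it (neither is visible in this hunk), the assertion would be reachable from the network as a denial of service. Returning the error keeps the failure local to the message: `if (result != ISC_R_SUCCESS) return (result);`. The function body continues outside the hunk, so confirm that no cleanup is skipped by an early return. If the failure is provably impossible, a one-line comment saying why would justify keeping the INSIST.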
@@ -1063,16 +1064,6 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source, offsets[0] = 0; /* - * Initialize things to make the compiler happy; they're not required. - */ - n1 = 0; - n2 = 0; - label = NULL; - digits = 0; - value = 0; - count = 0; - - /* * Make 'name' empty in case of failure. */ MAKE_EMPTY(name); @@ -1171,6 +1162,7 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source, return (DNS_R_BADLABELTYPE); } state = ft_escape; + POST(state); /* FALLTHROUGH */ case ft_escape: if (!isdigit(c & 0xff)) { @@ -1236,6 +1228,7 @@ dns_name_fromtext(dns_name_t *name, isc_buffer_t *source, label = origin->ndata; n1 = origin->length; nrem -= n1; + POST(nrem); while (n1 > 0) { n2 = *label++; INSIST(n2 <= 63); /* no bitstring support */ diff --git a/lib/dns/ncache.c b/lib/dns/ncache.c index f1fc3233a595..08a20daf4d2e 100644 --- a/lib/dns/ncache.c +++ b/lib/dns/ncache.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.c,v 1.43.48.7.6.3 2011-06-21 20:13:22 each Exp $ */ +/* $Id: ncache.c,v 1.43.48.10 2011-06-09 00:16:35 each Exp $ */ /*! \file */ diff --git a/lib/dns/nsec.c b/lib/dns/nsec.c index 7d93eccb7c4e..0c7e597e3204 100644 --- a/lib/dns/nsec.c +++ b/lib/dns/nsec.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsec.c,v 1.11.48.2 2009-01-06 23:47:26 tbox Exp $ */ +/* $Id: nsec.c,v 1.11.48.4 2011-03-12 04:57:27 tbox Exp $ */ /*! \file */ 
@@ -182,7 +182,7 @@ dns_nsec_build(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, 0, NULL); if (result == DNS_R_UNCHANGED) result = ISC_R_SUCCESS; - RETERR(result); + failure: if (dns_rdataset_isassociated(&rdataset)) dns_rdataset_disassociate(&rdataset); diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c index 081e3c6fe82d..eb3f3575861d 100644 --- a/lib/dns/openssl_link.c +++ b/lib/dns/openssl_link.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -31,7 +31,7 @@ /* * Principal Author: Brian Wellington - * $Id: openssl_link.c,v 1.22.112.5 2010-09-15 12:37:35 tbox Exp $ + * $Id: openssl_link.c,v 1.22.112.7 2011-03-12 04:57:27 tbox Exp $ */ #ifdef OPENSSL @@ -48,16 +48,6 @@ #include "dst_internal.h" #include "dst_openssl.h" -#include <openssl/err.h> -#include <openssl/rand.h> -#include <openssl/evp.h> -#include <openssl/conf.h> -#include <openssl/crypto.h> - -#if defined(CRYPTO_LOCK_ENGINE) && (OPENSSL_VERSION_NUMBER >= 0x0090707f) -#define USE_ENGINE 1 -#endif - #ifdef USE_ENGINE #include <openssl/engine.h> @@ -340,18 +330,15 @@ dst__openssl_toresult(isc_result_t fallback) { return (result); } +#if defined(USE_ENGINE) ENGINE * dst__openssl_getengine(const char *name) { UNUSED(name); - -#if defined(USE_ENGINE) return (he); -#else - return (NULL); -#endif } +#endif isc_result_t dst__openssl_setdefault(const char *name) { diff --git a/lib/dns/openssldsa_link.c b/lib/dns/openssldsa_link.c index c563d9bc10ff..9730c7529646 100644 --- a/lib/dns/openssldsa_link.c +++ b/lib/dns/openssldsa_link.c 
@@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -29,7 +29,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: openssldsa_link.c,v 1.13.120.2 2009-01-14 23:47:26 tbox Exp $ */ +/* $Id: openssldsa_link.c,v 1.13.120.4 2011-03-12 04:57:27 tbox Exp $ */ #ifdef OPENSSL #ifndef USE_EVP @@ -252,7 +252,6 @@ openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) { dsasig->r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL); cp += ISC_SHA1_DIGESTLENGTH; dsasig->s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL); - cp += ISC_SHA1_DIGESTLENGTH; #if 0 pkey = EVP_PKEY_new(); diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c index 1e3c5c2e12e7..4671b860f34f 100644 --- a/lib/dns/opensslrsa_link.c +++ b/lib/dns/opensslrsa_link.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -17,7 +17,7 @@ /* * Principal Author: Brian Wellington - * $Id: opensslrsa_link.c,v 1.20.50.8 2010-01-22 02:36:49 marka Exp $ + * $Id: opensslrsa_link.c,v 1.20.50.11 2011-03-12 04:57:27 tbox Exp $ */ #ifdef OPENSSL #include <config.h> @@ -50,7 +50,9 @@ #if OPENSSL_VERSION_NUMBER > 0x00908000L #include <openssl/bn.h> #endif +#ifdef USE_ENGINE #include <openssl/engine.h> +#endif /* * We don't use configure for windows so enforce the OpenSSL version 
@@ -1079,10 +1081,14 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer) { isc_result_t ret; int i; RSA *rsa = NULL; +#ifdef USE_ENGINE ENGINE *e = NULL; +#endif isc_mem_t *mctx = key->mctx; const char *name = NULL, *label = NULL; +#if defined(USE_ENGINE) || USE_EVP EVP_PKEY *pkey = NULL; +#endif /* read private key file */ ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv); @@ -1106,6 +1112,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer) { * See if we can fetch it. */ if (name != NULL || label != NULL) { +#ifdef USE_ENGINE INSIST(name != NULL); INSIST(label != NULL); e = dst__openssl_getengine(name); @@ -1133,6 +1140,9 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer) { #endif dst__privstruct_free(&priv, mctx); return (ISC_R_SUCCESS); +#else + DST_RET(DST_R_NOENGINE); +#endif } rsa = RSA_new(); @@ -1221,6 +1231,7 @@ static isc_result_t opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label, const char *pin) { +#ifdef USE_ENGINE ENGINE *e = NULL; isc_result_t ret; EVP_PKEY *pkey = NULL; @@ -1254,6 +1265,13 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label, if (pkey != NULL) EVP_PKEY_free(pkey); return (ret); +#else + UNUSED(key); + UNUSED(engine); + UNUSED(label); + UNUSED(pin); + return(DST_R_NOENGINE); +#endif } static dst_func_t opensslrsa_functions = { diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c index 5e09db3374e3..2b1521df9120 100644 --- a/lib/dns/rbt.c +++ b/lib/dns/rbt.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbt.c,v 1.142.50.3 2009-10-20 05:06:04 marka Exp $ */ +/* $Id: rbt.c,v 1.142.50.5 2011-03-12 04:57:27 tbox Exp $ */ /*! \file */ 
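Review bot: The new fallback in opensslrsa_fromlabel is written `return(DST_R_NOENGINE);`, while the rest of the file puts a space after `return`, as in `return (ret);` just above it; it should read `return (DST_R_NOENGINE);`. In opensslrsa_parse the guard `#if defined(USE_ENGINE) || USE_EVP` tests one macro for definition and the other by value. If USE_EVP can be undefined it silently evaluates to 0 here, so a short comment stating that USE_EVP is always defined to 0 or 1 (if that is the case) would help. Both function bodies extend outside their hunks.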
@@ -715,6 +715,7 @@ dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname, */ compared = dns_namereln_none; last_compared = NULL; + order = 0; } dns_fixedname_init(&fixedcallbackname); @@ -1081,6 +1082,7 @@ dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname, ¤t_name, &order, &common_labels); + POST(compared); last_compared = current; @@ -1523,7 +1525,7 @@ rehash(dns_rbt_t *rbt) { oldsize = rbt->hashsize; oldtable = rbt->hashtable; - rbt->hashsize *= 2 + 1; + rbt->hashsize = rbt->hashsize * 2 + 1; rbt->hashtable = isc_mem_get(rbt->mctx, rbt->hashsize * sizeof(dns_rbtnode_t *)); if (rbt->hashtable == NULL) { @@ -1680,6 +1682,7 @@ dns_rbt_addonlevel(dns_rbtnode_t *node, dns_rbtnode_t *current, int order, } child = root; + POST(child); dns_name_init(&add_name, add_offsets); NODENAME(node, &add_name); diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c index 87b70e376e05..66ef0277d1cb 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.c,v 1.270.12.26.4.1 2011-06-21 20:13:23 each Exp $ */ +/* $Id: rbtdb.c,v 1.270.12.32 2011-06-09 00:16:35 each Exp $ */ /*! \file */ @@ -435,8 +435,12 @@ typedef struct { rbtnodelist_t *deadnodes; /* - * Heaps. Each of these is used for TTL based expiry. + * Heaps. These are used for TTL based expiry in a cache, + * or for zone resigning in a zone DB. hmctx is the memory + * context to use for the heap (which differs from the main + * database memory context in the case of a cache). */ + isc_mem_t * hmctx; isc_heap_t **heaps; /* Locked by tree_lock. */ 
@@ -957,9 +961,8 @@ free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event) { if (rbtdb->heaps != NULL) { for (i = 0; i < rbtdb->node_lock_count; i++) isc_heap_destroy(&rbtdb->heaps[i]); - isc_mem_put(rbtdb->common.mctx, rbtdb->heaps, - rbtdb->node_lock_count * - sizeof(isc_heap_t *)); + isc_mem_put(rbtdb->hmctx, rbtdb->heaps, + rbtdb->node_lock_count * sizeof(isc_heap_t *)); } if (rbtdb->rrsetstats != NULL) @@ -976,6 +979,7 @@ free_rbtdb(dns_rbtdb_t *rbtdb, isc_boolean_t log, isc_event_t *event) { rbtdb->common.magic = 0; rbtdb->common.impmagic = 0; ondest = rbtdb->common.ondest; + isc_mem_detach(&rbtdb->hmctx); isc_mem_putanddetach(&rbtdb->common.mctx, rbtdb, sizeof(*rbtdb)); isc_ondestroy_notify(&ondest, rbtdb); } @@ -2641,10 +2645,15 @@ zone_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { /* * Did we find anything? */ - if (dname_header != NULL) { + if (!IS_CACHE(search->rbtdb) && !IS_STUB(search->rbtdb) && + ns_header != NULL) { /* - * Note that DNAME has precedence over NS if both exist. + * Note that NS has precedence over DNAME if both exist + * in a zone. Otherwise DNAME take precedence over NS. */ + found = ns_header; + search->zonecut_sigrdataset = NULL; + } else if (dname_header != NULL) { found = dname_header; search->zonecut_sigrdataset = sigdname_header; } else if (ns_header != NULL) { @@ -3926,6 +3935,7 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, */ if (search.need_cleanup) { node = search.zonecut; + INSIST(node != NULL); lock = &(search.rbtdb->node_locks[node->locknum].lock); NODE_LOCK(lock, isc_rwlocktype_read); @@ -4226,6 +4236,7 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node, NODE_UNLOCK(lock, locktype); NODE_LOCK(lock, isc_rwlocktype_write); locktype = isc_rwlocktype_write; + POST(locktype); } if (need_headerupdate(found, search->now)) update_header(search->rbtdb, found, 
@@ -4536,15 +4547,9 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, cname_ok && cnamesig != NULL) { /* - * If we've already got the CNAME RRSIG, - * use it, otherwise change sigtype - * so that we find it. + * If we've already got the + * CNAME RRSIG, use it. */ - if (cnamesig != NULL) - foundsig = cnamesig; - else - sigtype = - RBTDB_RDATATYPE_SIGCNAME; foundsig = cnamesig; } } else if (header->type == sigtype) { @@ -4690,6 +4695,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, NODE_UNLOCK(lock, locktype); NODE_LOCK(lock, isc_rwlocktype_write); locktype = isc_rwlocktype_write; + POST(locktype); } if (update != NULL && need_headerupdate(update, search.now)) update_header(search.rbtdb, update, search.now); @@ -4707,6 +4713,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, */ if (search.need_cleanup) { node = search.zonecut; + INSIST(node != NULL); lock = &(search.rbtdb->node_locks[node->locknum].lock); NODE_LOCK(lock, isc_rwlocktype_read); @@ -4872,6 +4879,7 @@ cache_findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options, NODE_UNLOCK(lock, locktype); NODE_LOCK(lock, isc_rwlocktype_write); locktype = isc_rwlocktype_write; + POST(locktype); } if (need_headerupdate(found, search.now)) update_header(search.rbtdb, found, search.now); @@ -6970,16 +6978,21 @@ dns_rbtdb_create int i; dns_name_t name; isc_boolean_t (*sooner)(void *, void *); + isc_mem_t *hmctx = mctx; /* Keep the compiler happy. */ - UNUSED(argc); - UNUSED(argv); UNUSED(driverarg); rbtdb = isc_mem_get(mctx, sizeof(*rbtdb)); if (rbtdb == NULL) return (ISC_R_NOMEMORY); + /* + * If argv[0] exists, it points to a memory context to use for heap + */ + if (argc != 0) + hmctx = (isc_mem_t *) argv[0]; + memset(rbtdb, '\0', sizeof(*rbtdb)); dns_name_init(&rbtdb->common.origin, NULL); rbtdb->common.attributes = 0; 
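Review bot: The new `hmctx = (isc_mem_t *) argv[0];` in dns_rbtdb_create treats any non-zero argc as proof that argv[0] is a memory context, with nothing checking that it is one. argv is declared `char *argv[]`, so a caller that forwards ordinary string arguments to this implementation would have a string reinterpreted as an isc_mem_t and handed to isc_mem_get and isc_mem_attach further down. Whether configuration-derived arguments can reach this function is not visible here; if they can, they need to be rejected before the cast. The assumption also deserves a comment at the cast, for example `/* argv[0] is an isc_mem_t * supplied by the caller, never a string argument */`. The function body starts and ends outside the hunk.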
@@ -7044,7 +7057,7 @@ dns_rbtdb_create /* * Create the heaps. */ - rbtdb->heaps = isc_mem_get(mctx, rbtdb->node_lock_count * + rbtdb->heaps = isc_mem_get(hmctx, rbtdb->node_lock_count * sizeof(isc_heap_t *)); if (rbtdb->heaps == NULL) { result = ISC_R_NOMEMORY; @@ -7054,7 +7067,7 @@ dns_rbtdb_create rbtdb->heaps[i] = NULL; sooner = IS_CACHE(rbtdb) ? ttl_sooner : resign_sooner; for (i = 0; i < (int)rbtdb->node_lock_count; i++) { - result = isc_heap_create(mctx, sooner, set_index, 0, + result = isc_heap_create(hmctx, sooner, set_index, 0, &rbtdb->heaps[i]); if (result != ISC_R_SUCCESS) goto cleanup_heaps; @@ -7098,6 +7111,7 @@ dns_rbtdb_create * mctx won't disappear out from under us. */ isc_mem_attach(mctx, &rbtdb->common.mctx); + isc_mem_attach(hmctx, &rbtdb->hmctx); /* * Must be initialized before free_rbtdb() is called. diff --git a/lib/dns/rbtdb.h b/lib/dns/rbtdb.h index f4249af255ad..77ef43deb880 100644 --- a/lib/dns/rbtdb.h +++ b/lib/dns/rbtdb.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.h,v 1.18 2007-06-19 23:47:16 tbox Exp $ */ +/* $Id: rbtdb.h,v 1.18.332.2 2011-03-03 23:46:01 tbox Exp $ */ #ifndef DNS_RBTDB_H #define DNS_RBTDB_H 1 
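Review bot: The heap array and each heap in dns_rbtdb_create now come from `hmctx`, but no hunk in this diff touches the `cleanup_heaps` path that `goto cleanup_heaps;` jumps to when isc_heap_create fails. If that path still releases the array with `isc_mem_put(mctx, ...)`, memory obtained from one context is returned to another whenever hmctx differs from mctx. It should match the allocation: `isc_mem_put(hmctx, rbtdb->heaps, rbtdb->node_lock_count * sizeof(isc_heap_t *));`, which is what free_rbtdb was changed to in an earlier hunk. The label is outside the hunks shown, so this needs checking against the full file.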
@@ -39,6 +39,19 @@ dns_rbtdb_create(isc_mem_t *mctx, dns_name_t *base, dns_dbtype_t type, dns_rdataclass_t rdclass, unsigned int argc, char *argv[], void *driverarg, dns_db_t **dbp); +/*%< + * Create a new database of type "rbt" (or "rbt64"). Called via + * dns_db_create(); see documentation for that function for more details. + * + * If argv[0] is set, it points to a valid memory context to be used for + * allocation of heap memory. Generally this is used for cache databases + * only. + * + * Requires: + * + * \li argc == 0 or argv[0] is a valid memory context. + */ + ISC_LANG_ENDDECLS #endif /* DNS_RBTDB_H */ diff --git a/lib/dns/rcode.c b/lib/dns/rcode.c index 2dc0a293ea29..61c9faab06c0 100644 --- a/lib/dns/rcode.c +++ b/lib/dns/rcode.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rcode.c,v 1.8.48.2 2010-01-15 23:47:33 tbox Exp $ */ +/* $Id: rcode.c,v 1.8.48.4 2011-02-21 23:45:49 tbox Exp $ */ #include <config.h> #include <ctype.h> @@ -473,6 +473,9 @@ dns_rdataclass_format(dns_rdataclass_t rdclass, isc_result_t result; isc_buffer_t buf; + if (size == 0U) + return; + isc_buffer_init(&buf, array, size); result = dns_rdataclass_totext(rdclass, &buf); /* @@ -484,8 +487,6 @@ dns_rdataclass_format(dns_rdataclass_t rdclass, else result = ISC_R_NOSPACE; } - if (result != ISC_R_SUCCESS) { - snprintf(array, size, "<unknown>"); - array[size - 1] = '\0'; - } + if (result != ISC_R_SUCCESS) + strlcpy(array, "<unknown>", size); } diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c index daaa83ac4afc..b29cd16bae27 100644 --- a/lib/dns/rdata.c +++ b/lib/dns/rdata.c 
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdata.c,v 1.199.50.4 2011-01-13 04:48:21 tbox Exp $ */ +/* $Id: rdata.c,v 1.199.50.6 2011-03-11 10:49:55 marka Exp $ */ /*! \file */ @@ -693,6 +693,7 @@ rdata_totext(dns_rdata_t *rdata, dns_rdata_textctx_t *tctx, if (use_default) { strlcpy(buf, "\\# ", sizeof(buf)); result = str_totext(buf, target); + INSIST(result == ISC_R_SUCCESS); dns_rdata_toregion(rdata, &sr); INSIST(sr.length < 65536); snprintf(buf, sizeof(buf), "%u", sr.length); @@ -948,6 +949,9 @@ dns_rdatatype_format(dns_rdatatype_t rdtype, isc_result_t result; isc_buffer_t buf; + if (size == 0U) + return; + isc_buffer_init(&buf, array, size); result = dns_rdatatype_totext(rdtype, &buf); /* @@ -959,10 +963,8 @@ dns_rdatatype_format(dns_rdatatype_t rdtype, else result = ISC_R_NOSPACE; } - if (result != ISC_R_SUCCESS) { - snprintf(array, size, "<unknown>"); - array[size - 1] = '\0'; - } + if (result != ISC_R_SUCCESS) + strlcpy(array, "<unknown>", size); } /* diff --git a/lib/dns/rdatalist.c b/lib/dns/rdatalist.c index e8178a767e55..6f90964232ba 100644 --- a/lib/dns/rdatalist.c +++ b/lib/dns/rdatalist.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2008, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdatalist.c,v 1.36.50.2 2010-02-25 10:56:41 tbox Exp $ */ +/* $Id: rdatalist.c,v 1.36.50.4 2011-02-21 23:45:49 tbox Exp $ */ /*! \file */ @@ -54,6 +54,8 @@ static dns_rdatasetmethods_t methods = { void dns_rdatalist_init(dns_rdatalist_t *rdatalist) { + REQUIRE(rdatalist != NULL); + /* * Initialize rdatalist. */ 
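Review bot: In rdata_totext the added `INSIST(result == ISC_R_SUCCESS);` after `str_totext(buf, target)` turns a write into the caller's target buffer into an assertion. If str_totext can report a full buffer (it returns a result and `target` is caller-supplied, so presumably it can), a short output buffer would now abort the process instead of surfacing the error. Returning the error is safer: `if (result != ISC_R_SUCCESS) return (result);`. The function body starts and ends outside the hunk, so the return type is assumed from the `result` variable.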
@@ -125,6 +127,8 @@ isc_result_t isc__rdatalist_next(dns_rdataset_t *rdataset) { dns_rdata_t *rdata; + REQUIRE(rdataset != NULL); + rdata = rdataset->private2; if (rdata == NULL) return (ISC_R_NOMORE); @@ -141,6 +145,8 @@ void isc__rdatalist_current(dns_rdataset_t *rdataset, dns_rdata_t *rdata) { dns_rdata_t *list_rdata; + REQUIRE(rdataset != NULL); + list_rdata = rdataset->private2; INSIST(list_rdata != NULL); @@ -149,6 +155,10 @@ isc__rdatalist_current(dns_rdataset_t *rdataset, dns_rdata_t *rdata) { void isc__rdatalist_clone(dns_rdataset_t *source, dns_rdataset_t *target) { + + REQUIRE(source != NULL); + REQUIRE(target != NULL); + *target = *source; /* @@ -163,6 +173,8 @@ isc__rdatalist_count(dns_rdataset_t *rdataset) { dns_rdata_t *rdata; unsigned int count; + REQUIRE(rdataset != NULL); + rdatalist = rdataset->private1; count = 0; @@ -181,6 +193,8 @@ isc__rdatalist_addnoqname(dns_rdataset_t *rdataset, dns_name_t *name) { dns_rdataset_t *rdset; dns_ttl_t ttl; + REQUIRE(rdataset != NULL); + for (rdset = ISC_LIST_HEAD(name->list); rdset != NULL; rdset = ISC_LIST_NEXT(rdset, link)) @@ -228,7 +242,9 @@ isc__rdatalist_getnoqname(dns_rdataset_t *rdataset, dns_name_t *name, dns_rdataset_t *tnegsig = NULL; dns_name_t *noqname = rdataset->private6; + REQUIRE(rdataset != NULL); REQUIRE((rdataset->attributes & DNS_RDATASETATTR_NOQNAME) != 0); + (void)dns_name_dynamic(noqname); /* Sanity Check. */ for (rdataset = ISC_LIST_HEAD(noqname->list); @@ -268,6 +284,8 @@ isc__rdatalist_addclosest(dns_rdataset_t *rdataset, dns_name_t *name) { dns_rdataset_t *rdset; dns_ttl_t ttl; + REQUIRE(rdataset != NULL); + for (rdset = ISC_LIST_HEAD(name->list); rdset != NULL; rdset = ISC_LIST_NEXT(rdset, link)) 
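Review bot: In isc__rdatalist_getnoqname the new `REQUIRE(rdataset != NULL);` comes after the declaration `dns_name_t *noqname = rdataset->private6;`, so the pointer has already been dereferenced by the time it is checked. The same ordering appears in the isc__rdatalist_getclosest hunk, where `closest = rdataset->private7` precedes the check. Declaring the variable without an initializer and assigning it after the precondition fixes both: `dns_name_t *noqname;` then `REQUIRE(rdataset != NULL);` then `noqname = rdataset->private6;`. The bodies of both functions continue outside their hunks.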
@@ -315,7 +333,9 @@ isc__rdatalist_getclosest(dns_rdataset_t *rdataset, dns_name_t *name, dns_rdataset_t *tnegsig = NULL; dns_name_t *closest = rdataset->private7; + REQUIRE(rdataset != NULL); REQUIRE((rdataset->attributes & DNS_RDATASETATTR_CLOSEST) != 0); + (void)dns_name_dynamic(closest); /* Sanity Check. */ for (rdataset = ISC_LIST_HEAD(closest->list); diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c index 672e0011b158..f7f6240d1273 100644 --- a/lib/dns/rdataset.c +++ b/lib/dns/rdataset.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataset.c,v 1.82.50.4.6.3 2011-06-21 20:13:23 each Exp $ */ +/* $Id: rdataset.c,v 1.82.50.8 2011-06-09 00:16:36 each Exp $ */ /*! \file */ @@ -319,7 +319,7 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, dns_rdata_t rdata = DNS_RDATA_INIT; isc_region_t r; isc_result_t result; - unsigned int i, count, added, choice; + unsigned int i, count = 0, added, choice; isc_buffer_t savedbuffer, rdlen, rrbuffer; unsigned int headlen; isc_boolean_t question = ISC_FALSE; @@ -339,7 +339,6 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, REQUIRE((order == NULL) == (order_arg == NULL)); REQUIRE(cctx != NULL && cctx->mctx != NULL); - count = 0; if ((rdataset->attributes & DNS_RDATASETATTR_QUESTION) != 0) { question = ISC_TRUE; count = 1; diff --git a/lib/dns/request.c b/lib/dns/request.c index c1cd235fc19b..1dc4610129e4 100644 --- a/lib/dns/request.c +++ b/lib/dns/request.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: request.c,v 1.82.72.2 2009-01-18 23:47:40 tbox Exp $ */ +/* $Id: request.c,v 1.82.72.4 2011-03-12 04:57:27 tbox Exp $ */ /*! \file */ 
@@ -428,12 +428,10 @@ req_send(dns_request_t *request, isc_task_t *task, isc_sockaddr_t *address) { isc_region_t r; isc_socket_t *socket; isc_result_t result; - unsigned int dispattr; req_log(ISC_LOG_DEBUG(3), "req_send: request %p", request); REQUIRE(VALID_REQUEST(request)); - dispattr = dns_dispatch_getattributes(request->dispatch); socket = req_getsocket(request); isc_buffer_usedregion(request->query, &r); /* diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index f60eee945611..dbeb060fbcd8 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.384.14.30.4.1 2011-06-21 20:13:23 each Exp $ */ +/* $Id: resolver.c,v 1.384.14.32 2011-06-09 00:16:36 each Exp $ */ /*! \file */ @@ -2602,7 +2602,7 @@ fctx_getaddresses(fetchctx_t *fctx, isc_boolean_t badcache) { isc_result_t result; dns_resolver_t *res; isc_stdtime_t now; - unsigned int stdoptions; + unsigned int stdoptions = 0; isc_sockaddr_t *sa; dns_adbaddrinfo_t *ai; isc_boolean_t all_bad; @@ -2621,7 +2621,6 @@ fctx_getaddresses(fetchctx_t *fctx, isc_boolean_t badcache) { } res = fctx->res; - stdoptions = 0; /* Keep compiler happy. */ /* * Forwarders. @@ -4260,6 +4259,8 @@ validated(isc_task_t *task, isc_event_t *event) { sigrdataset, 0, NULL); dns_db_detachnode(fctx->cache, &nsnode); + if (result != ISC_R_SUCCESS) + continue; } result = dns_message_nextname(fctx->rmessage, DNS_SECTION_AUTHORITY); @@ -4322,6 +4323,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo, res = fctx->res; need_validation = ISC_FALSE; + POST(need_validation); secure_domain = ISC_FALSE; have_answer = ISC_FALSE; eresult = ISC_R_SUCCESS; @@ -4789,6 +4791,7 @@ ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, res = fctx->res; need_validation = ISC_FALSE; + POST(need_validation); secure_domain = ISC_FALSE; eresult = ISC_R_SUCCESS; name = &fctx->name; 
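Review bot: In validated() the added `if (result != ISC_R_SUCCESS) continue;` is immediately followed by the closing brace of the loop body, so as far as this hunk shows it does not change control flow. A failure to add the rdataset to the cache is still silently ignored. If ignoring it is intended, a comment would say so better than a no-op branch, for example `/* best effort: a failure to cache this rdataset is not fatal */`. The loop header is outside the hunk, so the enclosing loop is assumed to be the one iterating over rdatasets.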
@@ -5476,6 +5479,7 @@ answer_response(fetchctx_t *fctx) { chaining = ISC_FALSE; have_answer = ISC_FALSE; want_chaining = ISC_FALSE; + POST(want_chaining); if ((message->flags & DNS_MESSAGEFLAG_AA) != 0) aa = ISC_TRUE; else @@ -5664,6 +5668,7 @@ answer_response(fetchctx_t *fctx) { return (DNS_R_FORMERR); found = ISC_TRUE; want_chaining = ISC_TRUE; + POST(want_chaining); aflag = DNS_RDATASETATTR_ANSWER; result = dname_target(rdataset, qname, name, @@ -5675,6 +5680,7 @@ answer_response(fetchctx_t *fctx) { * try to continue. */ want_chaining = ISC_FALSE; + POST(want_chaining); } else if (result != ISC_R_SUCCESS) return (result); else @@ -6490,6 +6496,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) { unsigned int version; resend = ISC_TRUE; + INSIST(opt != NULL); version = (opt->ttl >> 16) & 0xff; flags = (version << DNS_FETCHOPT_EDNSVERSIONSHIFT) | DNS_FETCHOPT_EDNSVERSIONSET; @@ -7949,10 +7956,8 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name, resolver->badcache = isc_mem_get(resolver->mctx, sizeof(*resolver->badcache) * DNS_BADCACHE_SIZE); - if (resolver->badcache == NULL) { - result = ISC_R_NOMEMORY; + if (resolver->badcache == NULL) goto cleanup; - } resolver->badhash = DNS_BADCACHE_SIZE; memset(resolver->badcache, 0, sizeof(*resolver->badcache) * resolver->badhash); @@ -7982,10 +7987,8 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name, if (bad == NULL) { isc_buffer_t buffer; bad = isc_mem_get(resolver->mctx, sizeof(*bad) + name->length); - if (bad == NULL) { - result = ISC_R_NOMEMORY; + if (bad == NULL) goto cleanup; - } bad->type = type; bad->hashval = hashval; isc_buffer_init(&buffer, bad + 1, name->length); diff --git a/lib/dns/sdlz.c b/lib/dns/sdlz.c index 6be315a4e742..baaedcee0d35 100644 --- a/lib/dns/sdlz.c +++ b/lib/dns/sdlz.c 
@@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2005-2010 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2005-2011 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -50,7 +50,7 @@ * USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sdlz.c,v 1.18.50.6 2010-08-16 05:21:42 marka Exp $ */ +/* $Id: sdlz.c,v 1.18.50.8 2011-03-12 04:57:27 tbox Exp $ */ /*! \file */ @@ -326,7 +326,7 @@ destroy(dns_sdlz_db_t *sdlz) { sdlz->common.magic = 0; sdlz->common.impmagic = 0; - isc_mutex_destroy(&sdlz->refcnt_lock); + (void)isc_mutex_destroy(&sdlz->refcnt_lock); dns_name_free(&sdlz->common.origin, mctx); diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c index ad15331edf3b..10f6bd706754 100644 --- a/lib/dns/spnego.c +++ b/lib/dns/spnego.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2006-2009, 2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: spnego.c,v 1.8.118.4 2009-07-21 07:27:13 marka Exp $ */ +/* $Id: spnego.c,v 1.8.118.8 2011-04-04 11:12:21 marka Exp $ */ /*! \file * \brief @@ -172,6 +172,8 @@ /* asn1_err.h */ /* Generated from ../../../lib/asn1/asn1_err.et */ +#ifndef ERROR_TABLE_BASE_asn1 +/* these may be brought in already via gssapi_krb5.h */ typedef enum asn1_error_number { ASN1_BAD_TIMEFORMAT = 1859794432, ASN1_MISSING_FIELD = 1859794433, @@ -186,6 +188,7 @@ typedef enum asn1_error_number { } asn1_error_number; #define ERROR_TABLE_BASE_asn1 1859794432 +#endif #define __asn1_common_definitions__ 
@@ -374,7 +377,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID oid) unsigned char *p; size_t len; - if (token->length == 0) + if (token->length == 0U) return (GSS_S_DEFECTIVE_TOKEN); p = token->value; @@ -382,7 +385,7 @@ cmp_gss_type(gss_buffer_t token, gss_OID oid) return (GSS_S_DEFECTIVE_TOKEN); len = *p++; if (len & 0x80) { - if ((len & 0x7f) > 4) + if ((len & 0x7f) > 4U) return (GSS_S_DEFECTIVE_TOKEN); p += len & 0x7f; } @@ -409,7 +412,7 @@ code_NegTokenArg(OM_uint32 * minor_status, { OM_uint32 ret; u_char *buf; - size_t buf_size, buf_len; + size_t buf_size, buf_len = 0; buf_size = 1024; buf = malloc(buf_size); @@ -528,7 +531,7 @@ send_accept(OM_uint32 * minor_status, *minor_status = ENOMEM; return (GSS_S_FAILURE); } - if (mech_token != NULL && mech_token->length != 0) { + if (mech_token != NULL && mech_token->length != 0U) { resp.responseToken = malloc(sizeof(*resp.responseToken)); if (resp.responseToken == NULL) { free_NegTokenResp(&resp); @@ -672,7 +675,7 @@ gss_accept_sec_context_spnego(OM_uint32 *minor_status, ot = &obuf; } ret = send_accept(&minor_status2, output_token, ot, pref); - if (ot != NULL && ot->length != 0) + if (ot != NULL && ot->length != 0U) gss_release_buffer(&minor_status2, ot); return (ret); @@ -689,7 +692,7 @@ gssapi_verify_mech_header(u_char ** str, int e; u_char *p = *str; - if (total_len < 1) + if (total_len < 1U) return (GSS_S_DEFECTIVE_TOKEN); if (*p++ != 0x60) return (GSS_S_DEFECTIVE_TOKEN); @@ -789,7 +792,7 @@ der_get_int(const unsigned char *p, size_t len, int val = 0; size_t oldlen = len; - if (len > 0) { + if (len > 0U) { val = (signed char)*p++; while (--len) val = val * 256 + *p++; @@ -806,11 +809,11 @@ der_get_length(const unsigned char *p, size_t len, { size_t v; - if (len <= 0) + if (len <= 0U) return (ASN1_OVERRUN); --len; v = *p++; - if (v < 128) { + if (v < 128U) { *val = v; if (size) *size = 1; 
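Review bot: cmp_gss_type still validates only that `token->length` is non-zero before it reads the tag byte and the length byte, and then skips up to four long-form length bytes with `p += len & 0x7f;`. The commit changes the constants to unsigned but leaves these reads unbounded, so a token shorter than its own header moves `p` past the end of `token->value`. The entry check should require at least the two header bytes, `if (token->length < 2U) return (GSS_S_DEFECTIVE_TOKEN);`. The long-form skip and whatever is read after it should be checked against the bytes remaining in the token as well. The rest of the function is outside these two hunks, so later reads need the same review.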
@@ -819,7 +822,7 @@ der_get_length(const unsigned char *p, size_t len, size_t l; unsigned tmp; - if (v == 0x80) { + if (v == 0x80U) { *val = ASN1_INDEFINITE; if (size) *size = 1; @@ -844,7 +847,7 @@ der_get_octet_string(const unsigned char *p, size_t len, { data->length = len; data->data = malloc(len); - if (data->data == NULL && data->length != 0) + if (data->data == NULL && data->length != 0U) return (ENOMEM); memcpy(data->data, p, len); if (size) @@ -859,23 +862,23 @@ der_get_oid(const unsigned char *p, size_t len, int n; size_t oldlen = len; - if (len < 1) + if (len < 1U) return (ASN1_OVERRUN); data->components = malloc(len * sizeof(*data->components)); - if (data->components == NULL && len != 0) + if (data->components == NULL && len != 0U) return (ENOMEM); data->components[0] = (*p) / 40; data->components[1] = (*p) % 40; --len; ++p; - for (n = 2; len > 0; ++n) { + for (n = 2; len > 0U; ++n) { unsigned u = 0; do { --len; u = u * 128 + (*p++ % 128); - } while (len > 0 && p[-1] & 0x80); + } while (len > 0U && p[-1] & 0x80); data->components[n] = u; } if (p[-1] & 0x80) { @@ -893,7 +896,7 @@ der_get_tag(const unsigned char *p, size_t len, Der_class *class, Der_type *type, int *tag, size_t *size) { - if (len < 1) + if (len < 1U) return (ASN1_OVERRUN); *class = (Der_class) (((*p) >> 6) & 0x03); *type = (Der_type) (((*p) >> 5) & 0x01); @@ -1083,7 +1086,7 @@ len_unsigned(unsigned val) static size_t length_len(size_t len) { - if (len < 128) + if (len < 128U) return (1); else return (len_unsigned(len) + 1); @@ -1105,7 +1108,7 @@ der_put_unsigned(unsigned char *p, size_t len, unsigned val, size_t *size) unsigned char *base = p; if (val) { - while (len > 0 && val) { + while (len > 0U && val) { *p-- = val % 256; val /= 256; --len; @@ -1116,7 +1119,7 @@ der_put_unsigned(unsigned char *p, size_t len, unsigned val, size_t *size) *size = base - p; return (0); } - } else if (len < 1) + } else if (len < 1U) return (ASN1_OVERFLOW); else { *p = 0; 
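Review bot: der_get_oid allocates `len` elements for `data->components` but can store `len + 1` of them. The first input byte yields two components (`components[0]` and `components[1]`), and each of the remaining `len - 1` bytes can yield one more in the loop starting at `n = 2`. With `len == 1` the write to `components[1]` is already past the allocation. The commit only adds `U` suffixes here; the allocation should be `data->components = malloc((len + 1) * sizeof(*data->components));`. With that change the `&& len != 0U` in the NULL check is no longer needed.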
@@ -1132,14 +1135,14 @@ der_put_int(unsigned char *p, size_t len, int val, size_t *size) if (val >= 0) { do { - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); *p-- = val % 256; len--; val /= 256; } while (val); if (p[1] >= 128) { - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); *p-- = 0; len--; @@ -1147,14 +1150,14 @@ der_put_int(unsigned char *p, size_t len, int val, size_t *size) } else { val = ~val; do { - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); *p-- = ~(val % 256); len--; val /= 256; } while (val); if (p[1] < 128) { - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); *p-- = 0xff; len--; @@ -1167,9 +1170,9 @@ der_put_int(unsigned char *p, size_t len, int val, size_t *size) static int der_put_length(unsigned char *p, size_t len, size_t val, size_t *size) { - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); - if (val < 128) { + if (val < 128U) { *p = val; *size = 1; return (0); @@ -1210,20 +1213,20 @@ der_put_oid(unsigned char *p, size_t len, for (n = data->length - 1; n >= 2; --n) { unsigned u = data->components[n]; - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); *p-- = u % 128; u /= 128; --len; while (u > 0) { - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); *p-- = 128 + u % 128; u /= 128; --len; } } - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); *p-- = 40 * data->components[0] + data->components[1]; *size = base - p; @@ -1234,7 +1237,7 @@ static int der_put_tag(unsigned char *p, size_t len, Der_class class, Der_type type, int tag, size_t *size) { - if (len < 1) + if (len < 1U) return (ASN1_OVERFLOW); *p = (class << 6) | (type << 5) | tag; /* XXX */ *size = 1; @@ -1400,7 +1403,7 @@ gssapi_spnego_encapsulate(OM_uint32 * minor_status, } p = gssapi_mech_make_header(output_token->value, len, mech); if (p == NULL) { - if (output_token->length != 0) + if (output_token->length != 0U) gss_release_buffer(minor_status, output_token); return (GSS_S_FAILURE); } 
@@ -1448,7 +1451,7 @@ gssapi_krb5_get_mech(const u_char *ptr, const u_char *p = ptr; int e; - if (total_len < 1) + if (total_len < 1U) return (-1); if (*p++ != 0x60) return (-1); @@ -1518,7 +1521,7 @@ spnego_initial(OM_uint32 *minor_status, ret = major_status; goto end; } - if (krb5_output_token.length > 0) { + if (krb5_output_token.length > 0U) { token_init.mechToken = malloc(sizeof(*token_init.mechToken)); if (token_init.mechToken == NULL) { *minor_status = ENOMEM; @@ -1585,7 +1588,7 @@ end: token_init.mechToken = NULL; } free_NegTokenInit(&token_init); - if (krb5_output_token.length != 0) + if (krb5_output_token.length != 0U) gss_release_buffer(&minor_status2, &krb5_output_token); if (buf) free(buf); @@ -1755,7 +1758,7 @@ gss_init_sec_context_spnego(OM_uint32 *minor_status, /* Figure out whether we're starting over or processing a reply */ - if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) + if (input_token == GSS_C_NO_BUFFER || input_token->length == 0U) return (spnego_initial(minor_status, initiator_cred_handle, context_handle, diff --git a/lib/dns/time.c b/lib/dns/time.c index bd8cdc31d74c..806f73ce6288 100644 --- a/lib/dns/time.c +++ b/lib/dns/time.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: time.c,v 1.31.332.4 2010-04-21 23:48:05 tbox Exp $ */ +/* $Id: time.c,v 1.31.332.6 2011-03-09 23:45:50 tbox Exp $ */ /*! \file */ @@ -28,6 +28,7 @@ #include <isc/print.h> #include <isc/region.h> +#include <isc/serial.h> #include <isc/stdtime.h> #include <isc/util.h> 
@@ -44,13 +45,21 @@ dns_time64_totext(isc_int64_t t, isc_buffer_t *target) { unsigned int l; isc_region_t region; - REQUIRE(t >= 0); - +/* + * Warning. Do NOT use arguments with side effects with these macros. + */ #define is_leap(y) ((((y) % 4) == 0 && ((y) % 100) != 0) || ((y) % 400) == 0) #define year_secs(y) ((is_leap(y) ? 366 : 365 ) * 86400) #define month_secs(m,y) ((days[m] + ((m == 1 && is_leap(y)) ? 1 : 0 )) * 86400) tm.tm_year = 70; + while (t < 0) { + if (tm.tm_year == 0) + return (ISC_R_RANGE); + tm.tm_year--; + secs = year_secs(tm.tm_year + 1900); + t += secs; + } while ((secs = year_secs(tm.tm_year + 1900)) <= t) { t -= secs; tm.tm_year++; @@ -98,7 +107,6 @@ isc_result_t dns_time32_totext(isc_uint32_t value, isc_buffer_t *target) { isc_stdtime_t now; isc_int64_t start; - isc_int64_t base; isc_int64_t t; /* @@ -109,12 +117,10 @@ dns_time32_totext(isc_uint32_t value, isc_buffer_t *target) { */ isc_stdtime_get(&now); start = (isc_int64_t) now; - start -= 0x7fffffff; - base = 0; - while ((t = (base + value)) < start) { - base += 0x80000000; - base += 0x80000000; - } + if (isc_serial_gt(value, now)) + t = start + (value - now); + else + t = start - (now - value); return (dns_time64_totext(t, target)); } @@ -145,7 +151,7 @@ dns_time64_fromtext(const char *source, isc_int64_t *target) { &year, &month, &day, &hour, &minute, &second) != 6) return (DNS_R_SYNTAX); - RANGE(1970, 9999, year); + RANGE(0, 9999, year); RANGE(1, 12, month); RANGE(1, days[month - 1] + ((month == 2 && is_leap(year)) ? 1 : 0), day); 
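Review bot: dns_time64_totext now gives up with `ISC_R_RANGE` once `tm.tm_year` reaches 0 (the year 1900), while the dns_time64_fromtext hunk further down widens its check to `RANGE(0, 9999, year);`, so a value parsed from text with a year before 1900 cannot be converted back to text. If that asymmetry is intended, say so above the new `while (t < 0)` loop, e.g. `/* Times before 1900 cannot be expressed in tm_year; report ISC_R_RANGE. */`; otherwise the parser bound could be `RANGE(1900, 9999, year);`. Both functions continue outside their hunks.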
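Review bot: The new branches in dns_time32_totext rely on `value - now` and `now - value` being evaluated modulo 2^32 before they are widened for the addition to `start`. That holds only if `isc_stdtime_t` is an unsigned 32-bit type like `value`, and its definition is not visible in this hunk. A comment above the `if` would make the assumption explicit, e.g. `/* Serial arithmetic: the 32-bit difference is taken before widening to 64 bits. */`. The block comment that precedes `isc_stdtime_get(&now)` is cut by the hunk and may still describe the removed loop.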
@@ -154,16 +160,24 @@ dns_time64_fromtext(const char *source, isc_int64_t *target) { RANGE(0, 60, second); /* 60 == leap second. */ /* - * Calculate seconds since epoch. + * Calculate seconds from epoch. + * Note: this uses a idealized calendar. */ value = second + (60 * minute) + (3600 * hour) + ((day - 1) * 86400); for (i = 0; i < (month - 1); i++) value += days[i] * 86400; if (is_leap(year) && month > 2) value += 86400; - for (i = 1970; i < year; i++) { - secs = (is_leap(i) ? 366 : 365) * 86400; - value += secs; + if (year < 1970) { + for (i = 1969; i >= year; i--) { + secs = (is_leap(i) ? 366 : 365) * 86400; + value -= secs; + } + } else { + for (i = 1970; i < year; i++) { + secs = (is_leap(i) ? 366 : 365) * 86400; + value += secs; + } } *target = value; diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c index 7107dd50911d..bb9153fe0913 100644 --- a/lib/dns/tkey.c +++ b/lib/dns/tkey.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2010, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -16,7 +16,7 @@ */ /* - * $Id: tkey.c,v 1.90.118.4 2010-12-09 01:12:55 marka Exp $ + * $Id: tkey.c,v 1.90.118.6 2011-03-12 04:57:28 tbox Exp $ */ /*! \file */ #include <config.h> @@ -75,7 +75,9 @@ _dns_tkey_dumpmessage(dns_message_t *msg) { isc_buffer_init(&outbuf, output, sizeof(output)); result = dns_message_totext(msg, &dns_master_style_debug, 0, &outbuf); - /* XXXMLG ignore result */ + if (result != ISC_R_SUCCESS) + fprintf(stderr, "Warning: dns_message_totext returned: %s\n", + dns_result_totext(result)); fprintf(stderr, "%.*s\n", (int)isc_buffer_usedlength(&outbuf), (char *)isc_buffer_base(&outbuf)); } 
@@ -175,8 +177,10 @@ add_rdata_to_list(dns_message_t *msg, dns_name_t *name, dns_rdata_t *rdata, failure: if (newrdata != NULL) { - if (ISC_LINK_LINKED(newrdata, link)) + if (ISC_LINK_LINKED(newrdata, link)) { + INSIST(newlist != NULL); ISC_LIST_UNLINK(newlist->rdata, newrdata, link); + } dns_message_puttemprdata(msg, &newrdata); } if (newname != NULL) @@ -500,7 +504,7 @@ process_gsstkey(dns_name_t *name, dns_rdata_tkey_t *tkeyin, tkeyout->expire = expire; } else { tkeyout->inception = tsigkey->inception; - tkeyout->expire = tkeyout->expire; + tkeyout->expire = tsigkey->expire; dns_tsigkey_detach(&tsigkey); } diff --git a/lib/dns/ttl.c b/lib/dns/ttl.c index 3e41d63b3b25..260fded9d394 100644 --- a/lib/dns/ttl.c +++ b/lib/dns/ttl.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ttl.c,v 1.29 2007-06-19 23:47:16 tbox Exp $ */ +/* $Id: ttl.c,v 1.29.332.2 2011-03-12 04:57:28 tbox Exp $ */ /*! \file */ @@ -86,6 +86,7 @@ dns_ttl_totext(isc_uint32_t src, isc_boolean_t verbose, isc_buffer_t *target) { hours = src % 24; src /= 24; days = src % 7; src /= 7; weeks = src; src = 0; + POST(src); x = 0; if (weeks != 0) { diff --git a/lib/dns/validator.c b/lib/dns/validator.c index 79c8798bbeee..a60a128b45aa 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.c,v 1.164.12.23.4.3 2011-06-21 20:13:23 each Exp $ */ +/* $Id: validator.c,v 1.164.12.29 2011-06-09 00:16:37 each Exp $ */ #include <config.h> 
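Review bot: `src = 0; POST(src);` in dns_ttl_totext keeps an assignment whose value is never read and then adds a second statement to mark it as used; deleting `src = 0;` would be simpler and leaves nothing for an analyzer to flag. POST's definition is not in this chunk, so this assumes it only references its argument. The same pairing is added in validatezonekey and findnsec3proofs (validator.c), dns_viewlist_findzone (view.c) and before `goto cleanup` in ns_query (zone.c); in each case check whether `result` is read after the hunk before deciding which of the two statements to drop.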
@@ -322,7 +322,6 @@ isdelegation(dns_name_t *name, dns_rdataset_t *rdataset, dns_fixedname_init(&fixed); dns_name_downcase(name, dns_fixedname_name(&fixed), NULL); name = dns_fixedname_name(&fixed); - result = dns_rdataset_first(rdataset); for (result = dns_rdataset_first(rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(rdataset)) @@ -506,7 +505,8 @@ dsfetched(isc_task_t *task, isc_event_t *event) { result = validatezonekey(val); if (result != DNS_R_WAIT) validator_done(val, result); - } else if (eresult == DNS_R_NXRRSET || + } else if (eresult == DNS_R_CNAME || + eresult == DNS_R_NXRRSET || eresult == DNS_R_NCACHENXRRSET || eresult == DNS_R_SERVFAIL) /* RFC 1034 parent? */ { @@ -574,12 +574,16 @@ dsfetched2(isc_task_t *task, isc_event_t *event) { LOCK(&val->lock); if (CANCELED(val)) { validator_done(val, ISC_R_CANCELED); - } else if (eresult == DNS_R_NXRRSET || eresult == DNS_R_NCACHENXRRSET) { + } else if (eresult == DNS_R_CNAME || + eresult == DNS_R_NXRRSET || + eresult == DNS_R_NCACHENXRRSET) + { /* * There is no DS. If this is a delegation, we're done. */ tname = dns_fixedname_name(&devent->foundname); - if (isdelegation(tname, &val->frdataset, eresult)) { + if (eresult != DNS_R_CNAME && + isdelegation(tname, &val->frdataset, eresult)) { if (val->mustbesecure) { validator_log(val, ISC_LOG_WARNING, "must be secure failure"); 
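Review bot: In dsfetched2 the branch comment still reads `There is no DS. If this is a delegation, we're done.` although the condition now also admits `DNS_R_CNAME` and the delegation test is skipped for it, so the reason for the new case is left to the reader. A comment such as `/* A CNAME answer to the DS query means there is no DS at this name; it cannot be a delegation, so isdelegation() is skipped. */` would record the intent, if that is indeed the reasoning. The same gap exists for the `DNS_R_CNAME` additions in dsfetched, in validatezonekey and in the new proveunsecure branch, which unlike its neighbouring branches has no comment at all. All of these functions extend beyond their hunks.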
@@ -772,6 +776,60 @@ dsvalidated(isc_task_t *task, isc_event_t *event) { } /*% + * Callback when the CNAME record has been validated. + * + * Resumes validation of the unsecure zone proof. + */ +static void +cnamevalidated(isc_task_t *task, isc_event_t *event) { + dns_validatorevent_t *devent; + dns_validator_t *val; + isc_boolean_t want_destroy; + isc_result_t result; + isc_result_t eresult; + + UNUSED(task); + INSIST(event->ev_type == DNS_EVENT_VALIDATORDONE); + + devent = (dns_validatorevent_t *)event; + val = devent->ev_arg; + eresult = devent->result; + + isc_event_free(&event); + dns_validator_destroy(&val->subvalidator); + + INSIST(val->event != NULL); + INSIST((val->attributes & VALATTR_INSECURITY) != 0); + + validator_log(val, ISC_LOG_DEBUG(3), "in cnamevalidated"); + LOCK(&val->lock); + if (CANCELED(val)) { + validator_done(val, ISC_R_CANCELED); + } else if (eresult == ISC_R_SUCCESS) { + validator_log(val, ISC_LOG_DEBUG(3), "cname with trust %s", + dns_trust_totext(val->frdataset.trust)); + result = proveunsecure(val, ISC_FALSE, ISC_TRUE); + if (result != DNS_R_WAIT) + validator_done(val, result); + } else { + if (eresult != DNS_R_BROKENCHAIN) { + if (dns_rdataset_isassociated(&val->frdataset)) + dns_rdataset_expire(&val->frdataset); + if (dns_rdataset_isassociated(&val->fsigrdataset)) + dns_rdataset_expire(&val->fsigrdataset); + } + validator_log(val, ISC_LOG_DEBUG(3), + "cnamevalidated: got %s", + isc_result_totext(eresult)); + validator_done(val, DNS_R_BROKENCHAIN); + } + want_destroy = exit_check(val); + UNLOCK(&val->lock); + if (want_destroy) + destroy(val); +} + +/*% * Return ISC_R_SUCCESS if we can determine that the name doesn't exist * or we can determine whether there is data or not at the name. * If the name does not exist return the wildcard name. 
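Review bot: The header comment of cnamevalidated leaves out its preconditions and its failure contract: the two `INSIST`s require `val->event` to be set and `VALATTR_INSECURITY` to be present, and every sub-validation failure is reported as `DNS_R_BROKENCHAIN` whatever `eresult` was. A failed INSIST stops the process, and this callback completes work started from proveunsecure, so the comment should name where the attribute is guaranteed to be set; that is not visible in this hunk. I would extend the `/*% ... */` block with one sentence for the precondition and one for the failure mapping, noting that the cached rdatasets are expired unless the result was already `DNS_R_BROKENCHAIN`.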
@@ -1227,7 +1285,6 @@ authvalidated(isc_task_t *task, isc_event_t *event) { dns_validatorevent_t *devent; dns_validator_t *val; dns_rdataset_t *rdataset; - dns_rdataset_t *sigrdataset; isc_boolean_t want_destroy; isc_result_t result; isc_boolean_t exists, data; @@ -1237,7 +1294,6 @@ authvalidated(isc_task_t *task, isc_event_t *event) { devent = (dns_validatorevent_t *)event; rdataset = devent->rdataset; - sigrdataset = devent->sigrdataset; val = devent->ev_arg; result = devent->result; dns_validator_destroy(&val->subvalidator); @@ -1961,7 +2017,8 @@ validate(dns_validator_t *val, isc_boolean_t resume) { isc_stdtime_get(&now); ttl = ISC_MIN(event->rdataset->ttl, - val->siginfo->timeexpire - now); + ISC_MIN(val->siginfo->originalttl, + val->siginfo->timeexpire - now)); if (val->keyset != NULL) ttl = ISC_MIN(ttl, val->keyset->ttl); event->rdataset->ttl = ttl; @@ -2374,8 +2431,10 @@ validatezonekey(dns_validator_t *val) { validator_log(val, ISC_LOG_DEBUG(2), "unsigned DS record"); return (DNS_R_NOVALIDSIG); - } else + } else { result = ISC_R_SUCCESS; + POST(result); + } } else if (result == ISC_R_NOTFOUND) { /* * We don't have the DS. Find it. @@ -2386,11 +2445,12 @@ validatezonekey(dns_validator_t *val) { if (result != ISC_R_SUCCESS) return (result); return (DNS_R_WAIT); - } else if (result == DNS_R_NCACHENXDOMAIN || + } else if (result == DNS_R_NCACHENXDOMAIN || result == DNS_R_NCACHENXRRSET || result == DNS_R_EMPTYNAME || result == DNS_R_NXDOMAIN || - result == DNS_R_NXRRSET) + result == DNS_R_NXRRSET || + result == DNS_R_CNAME) { /* * The DS does not exist. @@ -2816,6 +2876,7 @@ findnsec3proofs(dns_validator_t *val) { } if (result != ISC_R_NOMORE) result = ISC_R_SUCCESS; + POST(result); if (dns_name_countlabels(zonename) == 0) return (ISC_R_SUCCESS); 
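Review bot: The inner operand `val->siginfo->timeexpire - now` in validate() stays unguarded, with `now` read by `isc_stdtime_get(&now)` immediately before it. If both values are unsigned, which the hunk does not show, a signature whose expiry is already behind `now` makes the difference wrap to a large number, and `ISC_MIN` then falls back to the other two operands instead of bounding the TTL by the remaining validity. Presumably verification earlier in the function rejects expired signatures; a comment such as `/* Expiry was enforced during verification, so timeexpire - now cannot wrap here. */` would record that, or the operand could be clamped to zero. validate() begins and ends outside the hunk.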
@@ -3692,6 +3753,20 @@ proveunsecure(dns_validator_t *val, isc_boolean_t have_ds, isc_boolean_t resume) return (startfinddlvsep(val, tname)); } continue; + } else if (result == DNS_R_CNAME) { + if (DNS_TRUST_PENDING(val->frdataset.trust) || + DNS_TRUST_ANSWER(val->frdataset.trust)) { + result = create_validator(val, tname, + dns_rdatatype_cname, + &val->frdataset, + NULL, cnamevalidated, + "proveunsecure " + "(cname)"); + if (result != ISC_R_SUCCESS) + goto out; + return (DNS_R_WAIT); + } + continue; } else if (result == ISC_R_SUCCESS) { /* * There is a DS here. Verify that it's secure and @@ -3949,9 +4024,9 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, isc_task_t *task, isc_taskaction_t action, void *arg, dns_validator_t **validatorp) { - isc_result_t result; + isc_result_t result = ISC_R_FAILURE; dns_validator_t *val; - isc_task_t *tclone; + isc_task_t *tclone = NULL; dns_validatorevent_t *event; REQUIRE(name != NULL); @@ -3959,9 +4034,6 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type, (rdataset == NULL && sigrdataset == NULL && message != NULL)); REQUIRE(validatorp != NULL && *validatorp == NULL); - tclone = NULL; - result = ISC_R_FAILURE; - val = isc_mem_get(view->mctx, sizeof(*val)); if (val == NULL) return (ISC_R_NOMEMORY); diff --git a/lib/dns/view.c b/lib/dns/view.c index 809cc151334b..1b848c1ecb01 100644 --- a/lib/dns/view.c +++ b/lib/dns/view.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: view.c,v 1.150.84.6 2010-09-24 08:09:08 marka Exp $ */ +/* $Id: view.c,v 1.150.84.8 2011-03-12 04:57:28 tbox Exp $ */ /*! \file */ 
@@ -1192,6 +1192,7 @@ dns_viewlist_findzone(dns_viewlist_t *list, dns_name_t *name, if (result == DNS_R_PARTIALMATCH) { dns_zone_detach(zp); result = ISC_R_NOTFOUND; + POST(result); } if (zone2 != NULL) { diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index b3f2e9554500..c11da6fe7506 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrin.c,v 1.166 2008-09-25 04:12:39 marka Exp $ */ +/* $Id: xfrin.c,v 1.166.48.4 2011-03-11 10:49:57 marka Exp $ */ /*! \file */ @@ -83,8 +83,9 @@ typedef enum { XFRST_IXFR_DEL, XFRST_IXFR_ADDSOA, XFRST_IXFR_ADD, + XFRST_IXFR_END, XFRST_AXFR, - XFRST_END + XFRST_AXFR_END } xfrin_state_t; /*% @@ -203,6 +204,7 @@ static isc_result_t axfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op, dns_rdata_t *rdata); static isc_result_t axfr_apply(dns_xfrin_ctx_t *xfr); static isc_result_t axfr_commit(dns_xfrin_ctx_t *xfr); +static isc_result_t axfr_finalize(dns_xfrin_ctx_t *xfr); static isc_result_t ixfr_init(dns_xfrin_ctx_t *xfr); static isc_result_t ixfr_apply(dns_xfrin_ctx_t *xfr); @@ -318,6 +320,16 @@ axfr_commit(dns_xfrin_ctx_t *xfr) { CHECK(axfr_apply(xfr)); CHECK(dns_db_endload(xfr->db, &xfr->axfr.add_private)); + + result = ISC_R_SUCCESS; + failure: + return (result); +} + +static isc_result_t +axfr_finalize(dns_xfrin_ctx_t *xfr) { + isc_result_t result; + CHECK(dns_zone_replacedb(xfr->zone, xfr->db, ISC_TRUE)); result = ISC_R_SUCCESS; 
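Review bot: axfr_finalize is added without a comment, yet the split is the substance of the change: `dns_zone_replacedb()` leaves axfr_commit and, per the xfrin_recv_done hunk later in this file, runs only for `XFRST_AXFR_END` once the message has passed the checks earlier in that function. A header such as `/* Install the new database; call only after the final message has been accepted by xfrin_recv_done(). */` would keep a later edit from moving the call back into the per-record path. The ordering claim rests on the hunk line numbers, since xfrin_recv_done is only partly visible.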
@@ -541,7 +553,7 @@ xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name, isc_uint32_t ttl, isc_uint32_t soa_serial = dns_soa_getserial(rdata); if (soa_serial == xfr->end_serial) { CHECK(ixfr_commit(xfr)); - xfr->state = XFRST_END; + xfr->state = XFRST_IXFR_END; break; } else if (soa_serial != xfr->ixfr.current_serial) { xfrin_log(xfr, ISC_LOG_ERROR, @@ -572,11 +584,12 @@ xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name, isc_uint32_t ttl, CHECK(axfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata)); if (rdata->type == dns_rdatatype_soa) { CHECK(axfr_commit(xfr)); - xfr->state = XFRST_END; + xfr->state = XFRST_AXFR_END; break; } break; - case XFRST_END: + case XFRST_AXFR_END: + case XFRST_IXFR_END: FAIL(DNS_R_EXTRADATA); default: INSIST(0); @@ -1234,7 +1247,7 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { result = DNS_R_UNEXPECTEDID; if (xfr->reqtype == dns_rdatatype_axfr || xfr->reqtype == dns_rdatatype_soa) - FAIL(result); + goto failure; xfrin_log(xfr, ISC_LOG_DEBUG(3), "got %s, retrying with AXFR", isc_result_totext(result)); try_axfr: @@ -1270,7 +1283,7 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { if (result != ISC_R_SUCCESS) { xfrin_log(xfr, ISC_LOG_DEBUG(3), "TSIG check failed: %s", isc_result_totext(result)); - FAIL(result); + goto failure; } for (result = dns_message_firstname(msg, DNS_SECTION_ANSWER); @@ -1318,8 +1331,9 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { } else if (dns_message_gettsigkey(msg) != NULL) { xfr->sincetsig++; - if (xfr->sincetsig > 100 || - xfr->nmsg == 0 || xfr->state == XFRST_END) + if (xfr->sincetsig > 100 || xfr->nmsg == 0 || + xfr->state == XFRST_AXFR_END || + xfr->state == XFRST_IXFR_END) { result = DNS_R_EXPECTEDTSIG; goto failure; 
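Review bot: The IXFR branch of xfr_rr still calls `CHECK(ixfr_commit(xfr));` before setting `XFRST_IXFR_END`, whereas the AXFR path now defers `dns_zone_replacedb()` to xfrin_recv_done, after the `DNS_R_EXPECTEDTSIG` test shown in the last hunk of this group. What ixfr_commit applies is not visible here, but if it makes the incremental changes live, a final IXFR message lacking the expected TSIG is rejected only after its records have been committed. Either split ixfr_commit the same way, or add a comment at the `case XFRST_IXFR_END:` label explaining why the incremental path needs no finalize step. xfr_rr and xfrin_recv_done both extend beyond their hunks.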
@@ -1345,16 +1359,22 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { dns_message_destroy(&msg); - if (xfr->state == XFRST_GOTSOA) { + switch (xfr->state) { + case XFRST_GOTSOA: xfr->reqtype = dns_rdatatype_axfr; xfr->state = XFRST_INITIALSOA; CHECK(xfrin_send_request(xfr)); - } else if (xfr->state == XFRST_END) { + break; + case XFRST_AXFR_END: + CHECK(axfr_finalize(xfr)); + /* FALLTHROUGH */ + case XFRST_IXFR_END: /* * Close the journal. */ if (xfr->ixfr.journal != NULL) dns_journal_destroy(&xfr->ixfr.journal); + /* * Inform the caller we succeeded. */ @@ -1368,7 +1388,8 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { */ xfr->shuttingdown = ISC_TRUE; maybe_free(xfr); - } else { + break; + default: /* * Read the next message. */ diff --git a/lib/dns/zone.c b/lib/dns/zone.c index 108aefbd9b4a..606c59b28b89 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,12 +15,13 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zone.c,v 1.483.36.23 2010-12-14 00:48:22 marka Exp $ */ +/* $Id: zone.c,v 1.483.36.33 2011-07-21 06:23:20 marka Exp $ */ /*! \file */ #include <config.h> #include <errno.h> +#include <stdlib.h> #include <isc/file.h> #include <isc/mutex.h> @@ -1326,6 +1327,7 @@ zone_load(dns_zone_t *zone, unsigned int flags) { isc_time_t now; isc_time_t loadtime, filetime; dns_db_t *db = NULL; + isc_boolean_t rbt; REQUIRE(DNS_ZONE_VALID(zone)); 
@@ -1341,14 +1343,15 @@ zone_load(dns_zone_t *zone, unsigned int flags) { goto cleanup; } - if (zone->db != NULL && zone->masterfile == NULL) { + + INSIST(zone->db_argc >= 1); + + rbt = strcmp(zone->db_argv[0], "rbt") == 0 || + strcmp(zone->db_argv[0], "rbt64") == 0; + + if (zone->db != NULL && zone->masterfile == NULL && rbt) { /* - * The zone has no master file configured, but it already - * has a database. It could be the built-in - * version.bind. CH zone, a zone with a persistent - * database being reloaded, or maybe a zone that - * used to have a master file but whose configuration - * was changed so that it no longer has one. Do nothing. + * The zone has no master file configured. */ result = ISC_R_SUCCESS; goto cleanup; @@ -1367,7 +1370,6 @@ zone_load(dns_zone_t *zone, unsigned int flags) { goto cleanup; } - /* * Store the current time before the zone is loaded, so that if the * file changes between the time of the load and the time that @@ -1407,21 +1409,20 @@ zone_load(dns_zone_t *zone, unsigned int flags) { } } - INSIST(zone->db_argc >= 1); - /* - * Built in zones don't need to be reloaded. + * Built in zones (with the exception of empty zones) don't need + * to be reloaded. */ if (zone->type == dns_zone_master && strcmp(zone->db_argv[0], "_builtin") == 0 && + (zone->db_argc < 2 || strcmp(zone->db_argv[1], "empty") != 0) && DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED)) { result = ISC_R_SUCCESS; goto cleanup; } if ((zone->type == dns_zone_slave || zone->type == dns_zone_stub) && - (strcmp(zone->db_argv[0], "rbt") == 0 || - strcmp(zone->db_argv[0], "rbt64") == 0)) { + rbt) { if (zone->masterfile == NULL || !isc_file_exists(zone->masterfile)) { if (zone->masterfile != NULL) { 
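Review bot: The early-return condition in zone_load gains `&& rbt`, but the replacement comment `The zone has no master file configured.` covers only one of the three terms and drops the earlier explanation of which zones the shortcut is meant for. Please state why the database type matters, for example `/* No master file, a database is already attached and it is rbt/rbt64: nothing to reload. Other database types fall through. */`, adjusted to the actual reason. zone_load starts before and continues after these hunks.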
@@ -1541,7 +1542,8 @@ get_master_options(dns_zone_t *zone) { if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKWILDCARD)) options |= DNS_MASTER_CHECKWILDCARD; if (zone->type == dns_zone_master && - (zone->update_acl != NULL || zone->ssutable != NULL)) + ((zone->update_acl != NULL && !dns_acl_isnone(zone->update_acl)) || + zone->ssutable != NULL)) options |= DNS_MASTER_RESIGN; return (options); } @@ -1933,8 +1935,7 @@ zone_check_glue(dns_zone_t *zone, dns_db_t *db, dns_name_t *name, dns_rdataset_disassociate(&aaaa); return (answer); } - } else - tresult = result; + } dns_name_format(owner, ownerbuf, sizeof ownerbuf); dns_name_format(name, namebuf, sizeof namebuf); @@ -5325,6 +5326,7 @@ zone_nsec3chain(dns_zone_t *zone) { LOCK_ZONE(zone); zone_needdump(zone, DNS_DUMP_DELAY); + DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NEEDNOTIFY); UNLOCK_ZONE(zone); done: @@ -5527,7 +5529,7 @@ zone_sign(dns_zone_t *zone) { isc_boolean_t build_nsec3 = ISC_FALSE, build_nsec = ISC_FALSE; isc_boolean_t first; isc_result_t result; - isc_stdtime_t now, inception, soaexpire, expire, stop; + isc_stdtime_t now, inception, soaexpire, expire; isc_uint32_t jitter; unsigned int i; unsigned int nkeys = 0; @@ -5582,7 +5584,6 @@ zone_sign(dns_zone_t *zone) { */ isc_random_get(&jitter); expire = soaexpire - jitter % 3600; - stop = now + 5; check_ksk = DNS_ZONE_OPTION(zone, DNS_ZONEOPT_UPDATECHECKKSK); if (check_ksk) @@ -6098,7 +6099,8 @@ void dns_zone_markdirty(dns_zone_t *zone) { LOCK_ZONE(zone); - set_resigntime(zone); /* XXXMPA make separate call back */ + if (zone->type == dns_zone_master) + set_resigntime(zone); /* XXXMPA make separate call back */ zone_needdump(zone, DNS_DUMP_DELAY); UNLOCK_ZONE(zone); } 
@@ -6169,7 +6171,7 @@ dns_zone_refresh(dns_zone_t *zone) { isc_interval_set(&i, isc_random_jitter(zone->retry, zone->retry / 4), 0); result = isc_time_nowplusinterval(&zone->refreshtime, &i); - if (result |= ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) dns_zone_log(zone, ISC_LOG_WARNING, "isc_time_nowplusinterval() failed: %s", dns_result_totext(result)); @@ -7523,7 +7525,7 @@ refresh_callback(isc_task_t *task, isc_event_t *event) { goto tcp_transfer; } dns_zone_log(zone, ISC_LOG_DEBUG(1), - "refresh: skipped tcp fallback" + "refresh: skipped tcp fallback " "as master %s (source %s) is " "unreachable (cached)", master, source); @@ -7704,6 +7706,7 @@ refresh_callback(isc_task_t *task, isc_event_t *event) { } else zone_debuglog(zone, me, 1, "serial: new %u, old not loaded", serial); + if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED) || DNS_ZONE_FLAG(zone, DNS_ZONEFLG_FORCEXFER) || isc_serial_gt(serial, oldserial)) { @@ -8278,6 +8281,7 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) { * XXX Optimisation: Create message when zone is setup and reuse. */ result = create_query(zone, dns_rdatatype_ns, &message); + INSIST(result == ISC_R_SUCCESS); INSIST(zone->masterscnt > 0); INSIST(zone->curmaster < zone->masterscnt); @@ -8351,6 +8355,7 @@ ns_query(dns_zone_t *zone, dns_rdataset_t *soardataset, dns_stub_t *stub) { break; default: result = ISC_R_NOTIMPLEMENTED; + POST(result); goto cleanup; } timeout = 15; 
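Review bot: `INSIST(result == ISC_R_SUCCESS);` after `create_query()` in ns_query turns a runtime failure into a process abort. create_query is not shown, but if it can fail for a reason such as memory exhaustion, a stub-zone refresh under memory pressure would stop the server instead of being retried. The later hunk shows the function already has a `cleanup` label, so `if (result != ISC_R_SUCCESS) goto cleanup;` is the more robust form, provided cleanup tolerates a NULL `message`. ns_query's body extends beyond the hunk.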
@@ -10472,6 +10477,28 @@ dns_zone_first(dns_zonemgr_t *zmgr, dns_zone_t **first) { return (ISC_R_SUCCESS); } +/* + * Size of the zone task table. For best results, this should be a + * prime number, approximately 1% of the maximum number of authoritative + * zones expected to be served by this server. + */ +#define DEFAULT_ZONE_TASKS 101 +static int +calculate_zone_tasks(void) { + int ntasks = DEFAULT_ZONE_TASKS; + +#ifdef HAVE_GETENV + char *env = getenv("BIND9_ZONE_TASKS_HINT"); + if (env != NULL) + ntasks = atoi(env); + + if (ntasks < DEFAULT_ZONE_TASKS) + ntasks = DEFAULT_ZONE_TASKS; +#endif + + return (ntasks); +} + /*** *** Zone manager. ***/ @@ -10484,6 +10511,7 @@ dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, dns_zonemgr_t *zmgr; isc_result_t result; isc_interval_t interval; + int zone_tasks = calculate_zone_tasks(); zmgr = isc_mem_get(mctx, sizeof(*zmgr)); if (zmgr == NULL) @@ -10509,11 +10537,14 @@ dns_zonemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, zmgr->transfersperns = 2; /* Create the zone task pool. */ - result = isc_taskpool_create(taskmgr, mctx, - 8 /* XXX */, 2, &zmgr->zonetasks); + result = isc_taskpool_create(taskmgr, mctx, zone_tasks, 2, + &zmgr->zonetasks); if (result != ISC_R_SUCCESS) goto free_rwlock; + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_ZONE, + ISC_LOG_NOTICE, "Using %d tasks for zone loading", zone_tasks); + /* Create a single task for queueing of SOA queries. */ result = isc_task_create(taskmgr, 1, &zmgr->task); if (result != ISC_R_SUCCESS) |
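Review bot: calculate_zone_tasks passes `BIND9_ZONE_TASKS_HINT` through `atoi()`, which cannot report malformed input and has undefined behaviour for out-of-range values, and the result gets a lower bound but no upper bound before it reaches `isc_taskpool_create()`. A mistyped or oversized value in the service environment therefore becomes an arbitrarily large task pool at start-up. Parsing with `strtol()` and clamping to a documented maximum avoids that. The cap in the sketch below is illustrative, and `errno.h` is already included by this file.

```c
/* Illustrative upper bound; pick a value the deployment can afford. */
#define MAX_ZONE_TASKS 10007

static int
calculate_zone_tasks(void) {
	int ntasks = DEFAULT_ZONE_TASKS;

#ifdef HAVE_GETENV
	const char *env = getenv("BIND9_ZONE_TASKS_HINT");

	if (env != NULL) {
		char *end = NULL;
		long hint;

		errno = 0;
		hint = strtol(env, &end, 10);
		/* Ignore empty, non-numeric or overflowing hints. */
		if (errno == 0 && end != env && *end == '\0') {
			if (hint > MAX_ZONE_TASKS)
				hint = MAX_ZONE_TASKS;
			if (hint > DEFAULT_ZONE_TASKS)
				ntasks = (int)hint;
		}
	}
#endif

	return (ntasks);
}
```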
