Diffstat (limited to 'bin/named')
| -rw-r--r-- | bin/named/client.c | 43 | ||||
| -rw-r--r-- | bin/named/config.c | 11 | ||||
| -rw-r--r-- | bin/named/include/named/globals.h | 8 | ||||
| -rw-r--r-- | bin/named/interfacemgr.c | 8 | ||||
| -rw-r--r-- | bin/named/main.c | 81 | ||||
| -rw-r--r-- | bin/named/named.html | 2 | ||||
| -rw-r--r-- | bin/named/query.c | 96 | ||||
| -rw-r--r-- | bin/named/server.c | 200 | ||||
| -rw-r--r-- | bin/named/update.c | 2 | ||||
| -rw-r--r-- | bin/named/zoneconf.c | 6 |
10 files changed, 287 insertions, 170 deletions
diff --git a/bin/named/client.c b/bin/named/client.c index aed3b178133c..f66ceda83d50 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -532,6 +532,17 @@ exit_check(ns_client_t *client) { INSIST(client->recursionquota == NULL); INSIST(!ISC_QLINK_LINKED(client, ilink)); + if (manager != NULL) { + LOCK(&manager->listlock); + ISC_LIST_UNLINK(manager->clients, client, link); + LOCK(&manager->lock); + if (manager->exiting && + ISC_LIST_EMPTY(manager->clients)) + destroy_manager = ISC_TRUE; + UNLOCK(&manager->lock); + UNLOCK(&manager->listlock); + } + ns_query_free(client); isc_mem_put(client->mctx, client->recvbuf, RECV_BUFFER_SIZE); isc_event_free((isc_event_t **)&client->sendevent); @@ -549,16 +560,6 @@ exit_check(ns_client_t *client) { } dns_message_destroy(&client->message); - if (manager != NULL) { - LOCK(&manager->listlock); - ISC_LIST_UNLINK(manager->clients, client, link); - LOCK(&manager->lock); - if (manager->exiting && - ISC_LIST_EMPTY(manager->clients)) - destroy_manager = ISC_TRUE; - UNLOCK(&manager->lock); - UNLOCK(&manager->listlock); - } /* * Detaching the task must be done after unlinking from @@ -579,6 +580,13 @@ exit_check(ns_client_t *client) { isc_mem_stats(client->mctx, stderr); INSIST(0); } + + /* + * Destroy the fetchlock mutex that was created in + * ns_query_init(). + */ + DESTROYLOCK(&client->query.fetchlock); + isc_mem_putanddetach(&client->mctx, client, sizeof(*client)); } 
@@ -1283,7 +1291,6 @@ client_addopt(ns_client_t *client) { (ns_g_server->server_id != NULL || ns_g_server->server_usehostname)) { if (ns_g_server->server_usehostname) { - isc_result_t result; result = ns_os_gethostname(nsid, sizeof(nsid)); if (result != ISC_R_SUCCESS) { goto no_nsid; @@ -1677,8 +1684,18 @@ client_request(isc_task_t *task, isc_event_t *event) { /* * Deal with EDNS. */ - opt = dns_message_getopt(client->message); + if (ns_g_noedns) + opt = NULL; + else + opt = dns_message_getopt(client->message); if (opt != NULL) { + /* + * Are we dropping all EDNS queries? + */ + if (ns_g_dropedns) { + ns_client_next(client, ISC_R_SUCCESS); + goto cleanup; + } result = process_opt(client, opt); if (result != ISC_R_SUCCESS) goto cleanup; diff --git a/bin/named/config.c b/bin/named/config.c index ebc48cfc464e..a32f12e660ae 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -522,6 +522,13 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, REQUIRE(keysp != NULL && *keysp == NULL); REQUIRE(countp != NULL); + /* + * Get system defaults. + */ + result = ns_config_getport(config, &port); + if (result != ISC_R_SUCCESS) + goto cleanup; + newlist: addrlist = cfg_tuple_get(list, "addresses"); portobj = cfg_tuple_get(list, "port"); @@ -534,10 +541,6 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list, goto cleanup; } port = (in_port_t) val; - } else { - result = ns_config_getport(config, &port); - if (result != ISC_R_SUCCESS) - goto cleanup; } result = ISC_R_NOMEMORY; diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h index a9174f3e31c4..b215408000e6 100644 --- a/bin/named/include/named/globals.h +++ b/bin/named/include/named/globals.h 
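Review bot: The new `ns_g_dropedns` branch in client_request() discards the query through `ns_client_next(client, ISC_R_SUCCESS)` without any log line, so a server accidentally started with `-T dropedns` looks like unexplained packet loss to clients and operators. A debug-level message before the `goto cleanup` would make the cause visible, for example `ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3), "dropping EDNS query (-T dropedns)");`. The same applies to `ns_g_noedns`, which silently treats every request as if it carried no OPT record. client_request() starts and ends outside this hunk.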
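Review bot: In ns_config_getipandkeylist() the default port is now fetched once before the `newlist:` label, so a `port` set by one list is no longer reset to the system default when control returns to `newlist:` for a list that has no port of its own. If the code that jumps back to the label (outside these hunks) does not save and restore `port`, a later list would inherit the previous list's port and its addresses could be built with the wrong one. If inheriting from the enclosing list is the intent, say so in the new comment, e.g. `/* Get system defaults; a list without its own port keeps the current value. */`.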
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -157,9 +157,15 @@ EXTERN int ns_g_listen INIT(3); EXTERN isc_time_t ns_g_boottime; EXTERN isc_boolean_t ns_g_memstatistics INIT(ISC_FALSE); EXTERN isc_boolean_t ns_g_clienttest INIT(ISC_FALSE); +EXTERN isc_boolean_t ns_g_dropedns INIT(ISC_FALSE); +EXTERN isc_boolean_t ns_g_noedns INIT(ISC_FALSE); EXTERN isc_boolean_t ns_g_nosoa INIT(ISC_FALSE); EXTERN isc_boolean_t ns_g_noaa INIT(ISC_FALSE); EXTERN isc_boolean_t ns_g_nonearest INIT(ISC_FALSE); +EXTERN isc_boolean_t ns_g_notcp INIT(ISC_FALSE); +EXTERN isc_boolean_t ns_g_disable6 INIT(ISC_FALSE); +EXTERN isc_boolean_t ns_g_disable4 INIT(ISC_FALSE); + #undef EXTERN #undef INIT diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c index 514d702978a9..850222ad02bf 100644 --- a/bin/named/interfacemgr.c +++ b/bin/named/interfacemgr.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -392,7 +392,7 @@ ns_interface_setup(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr, if (result != ISC_R_SUCCESS) goto cleanup_interface; - if (accept_tcp == ISC_TRUE) { + if (!ns_g_notcp && accept_tcp == ISC_TRUE) { result = ns_interface_accepttcp(ifp); if (result != ISC_R_SUCCESS) { /* 
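Review bot: The new globals added to globals.h carry no comment saying which of them are test-only switches. From main.c in this same commit, `ns_g_dropedns`, `ns_g_noedns` and `ns_g_notcp` are set only by `-T` arguments and turn off protocol features, while `ns_g_disable4` and `ns_g_disable6` mirror `-4` and `-6`. A one-line comment above the first group, such as `/* Test-only switches set by "named -T"; not for production use. */`, would stop them from being mistaken for supported options.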
@@ -638,7 +638,7 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, if (isc_net_probeipv6() == ISC_R_SUCCESS) scan_ipv6 = ISC_TRUE; #ifdef WANT_IPV6 - else + else if (!ns_g_disable6) isc_log_write(IFMGR_COMMON_LOGARGS, verbose ? ISC_LOG_INFO : ISC_LOG_DEBUG(1), "no IPv6 interfaces found"); @@ -646,7 +646,7 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, if (isc_net_probeipv4() == ISC_R_SUCCESS) scan_ipv4 = ISC_TRUE; - else + else if (!ns_g_disable4) isc_log_write(IFMGR_COMMON_LOGARGS, verbose ? ISC_LOG_INFO : ISC_LOG_DEBUG(1), "no IPv4 interfaces found"); diff --git a/bin/named/main.c b/bin/named/main.c index 599c142fd498..6e340cc13c49 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -51,6 +51,10 @@ #include <dlz/dlz_dlopen_driver.h> +#ifdef HAVE_GPERFTOOLS_PROFILER +#include <gperftools/profiler.h> +#endif + /* * Defining NS_MAIN provides storage declarations (rather than extern) * for variables in named/globals.h. @@ -72,6 +76,7 @@ #ifdef OPENSSL #include <openssl/opensslv.h> +#include <openssl/crypto.h> #endif #ifdef HAVE_LIBXML2 #include <libxml/xmlversion.h> @@ -95,6 +100,10 @@ #define BACKTRACE_MAXFRAME 128 #endif +extern unsigned int dns_zone_mkey_hour; +extern unsigned int dns_zone_mkey_day; +extern unsigned int dns_zone_mkey_month; + static isc_boolean_t want_stats = ISC_FALSE; static char program_name[ISC_DIR_NAMEMAX] = "named"; static char absolute_conffile[ISC_DIR_PATHMAX]; @@ -409,8 +418,6 @@ parse_command_line(int argc, char *argv[]) { int ch; int port; const char *p; - isc_boolean_t disable6 = ISC_FALSE; - isc_boolean_t disable4 = ISC_FALSE; save_command_line(argc, argv); 
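Review bot: The three `extern unsigned int dns_zone_mkey_*` declarations added near the top of main.c are not checked against the defining file, so a later change of type there would still compile here and mismatch silently at link time. Declaring them in a header of the module that defines them (not visible in this diff) and including it would let the compiler check both sides. If they are meant to stay private test hooks, a comment next to the externs saying so, and naming the defining file, would help.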
@@ -420,20 +427,20 @@ parse_command_line(int argc, char *argv[]) { while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) { switch (ch) { case '4': - if (disable4) + if (ns_g_disable4) ns_main_earlyfatal("cannot specify -4 and -6"); if (isc_net_probeipv4() != ISC_R_SUCCESS) ns_main_earlyfatal("IPv4 not supported by OS"); isc_net_disableipv6(); - disable6 = ISC_TRUE; + ns_g_disable6 = ISC_TRUE; break; case '6': - if (disable6) + if (ns_g_disable6) ns_main_earlyfatal("cannot specify -4 and -6"); if (isc_net_probeipv6() != ISC_R_SUCCESS) ns_main_earlyfatal("IPv6 not supported by OS"); isc_net_disableipv4(); - disable4 = ISC_TRUE; + ns_g_disable4 = ISC_TRUE; break; case 'c': ns_g_conffile = isc_commandline_argument; 
@@ -522,10 +529,50 @@ parse_command_line(int argc, char *argv[]) { maxudp = 512; else if (!strcmp(isc_commandline_argument, "maxudp1460")) maxudp = 1460; + else if (!strcmp(isc_commandline_argument, "dropedns")) + ns_g_dropedns = ISC_TRUE; + else if (!strcmp(isc_commandline_argument, "noedns")) + ns_g_noedns = ISC_TRUE; + else if (!strncmp(isc_commandline_argument, + "maxudp=", 7)) + maxudp = atoi(isc_commandline_argument + 7); else if (!strcmp(isc_commandline_argument, "nosyslog")) ns_g_nosyslog = ISC_TRUE; else if (!strcmp(isc_commandline_argument, "nonearest")) ns_g_nonearest = ISC_TRUE; + else if (!strncmp(isc_commandline_argument, + "mkeytimers=", 11)) + { + p = strtok(isc_commandline_argument + 11, "/"); + if (p == NULL) + ns_main_earlyfatal("bad mkeytimer"); + dns_zone_mkey_hour = atoi(p); + if (dns_zone_mkey_hour == 0) + ns_main_earlyfatal("bad mkeytimer"); + + p = strtok(NULL, "/"); + if (p == NULL) { + dns_zone_mkey_day = + (24 * dns_zone_mkey_hour); + dns_zone_mkey_month = + (30 * dns_zone_mkey_day); + break; + } + dns_zone_mkey_day = atoi(p); + if (dns_zone_mkey_day < dns_zone_mkey_hour) + ns_main_earlyfatal("bad mkeytimer"); + + p = strtok(NULL, "/"); + if (p == NULL) { + dns_zone_mkey_month = + (30 * dns_zone_mkey_day); + break; + } + dns_zone_mkey_month = atoi(p); + if (dns_zone_mkey_month < dns_zone_mkey_day) + ns_main_earlyfatal("bad mkeytimer"); + } else if (!strcmp(isc_commandline_argument, "notcp")) + ns_g_notcp = ISC_TRUE; else fprintf(stderr, "unknown -T flag '%s\n", isc_commandline_argument); 
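Review bot: The new `maxudp=` and `mkeytimers=` arguments in parse_command_line() are converted with `atoi()`, which reports no errors: `maxudp=abc` becomes 0, and a negative mkeytimers field wraps to a very large value once stored in the `unsigned int` timers, so it passes the `== 0` and `<` checks. The derived defaults `24 * dns_zone_mkey_hour` and `30 * dns_zone_mkey_day` can wrap as well. Parsing with `strtoul()` plus an end-pointer and range check, as sketched below for the first field, rejects such input through the existing `ns_main_earlyfatal()` path; `MKEY_TIMER_MAX` is a placeholder bound for the maintainers to choose. The function body continues outside the hunk.

```c
/* … unchanged: earlier -T flags … */
else if (!strncmp(isc_commandline_argument, "mkeytimers=", 11))
{
	char *end;
	unsigned long v;

	p = strtok(isc_commandline_argument + 11, "/");
	if (p == NULL)
		ns_main_earlyfatal("bad mkeytimer");
	errno = 0;
	v = strtoul(p, &end, 10);
	/*
	 * MKEY_TIMER_MAX is a placeholder: pick a bound small enough
	 * that 24 * 30 * v cannot wrap an unsigned int.
	 */
	if (errno != 0 || end == p || *end != '\0' || *p == '-' ||
	    v == 0 || v > MKEY_TIMER_MAX)
		ns_main_earlyfatal("bad mkeytimer");
	dns_zone_mkey_hour = (unsigned int)v;
	/* … unchanged: day and month fields, parsed the same way … */
```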
@@ -568,12 +615,20 @@ parse_command_line(int argc, char *argv[]) { printf("compiled by Solaris Studio %x\n", __SUNPRO_C); #endif #ifdef OPENSSL - printf("using OpenSSL version: %s\n", + printf("compiled with OpenSSL version: %s\n", OPENSSL_VERSION_TEXT); +#ifndef WIN32 + printf("linked to OpenSSL version: %s\n", + SSLeay_version(SSLEAY_VERSION)); +#endif #endif #ifdef HAVE_LIBXML2 - printf("using libxml2 version: %s\n", + printf("compiled with libxml2 version: %s\n", LIBXML_DOTTED_VERSION); +#ifndef WIN32 + printf("linked to libxml2 version: %s\n", + xmlParserVersion); +#endif #endif exit(0); case 'F': @@ -1080,6 +1135,10 @@ main(int argc, char *argv[]) { char *instance = NULL; #endif +#ifdef HAVE_GPERFTOOLS_PROFILER + (void) ProfilerStart(NULL); +#endif + /* * Record version in core image. * strings named.core | grep "named version:" @@ -1196,5 +1255,9 @@ main(int argc, char *argv[]) { ns_os_shutdown(); +#ifdef HAVE_GPERFTOOLS_PROFILER + ProfilerStop(); +#endif + return (0); } diff --git a/bin/named/named.html b/bin/named/named.html index 218639991fa6..0c1abf1894fb 100644 --- a/bin/named/named.html +++ b/bin/named/named.html @@ -261,7 +261,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544205"></a><h2>CONFIGURATION</h2> +<a name="id2544137"></a><h2>CONFIGURATION</h2> <p> The <span><strong class="command">named</strong></span> configuration file is too complex to describe in detail here. A complete description is provided diff --git a/bin/named/query.c b/bin/named/query.c index af8e5da8204d..706fdecd664d 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any 
@@ -614,6 +614,10 @@ ns_query_init(ns_client_t *client) { client->query.timerset = ISC_FALSE; client->query.rpz_st = NULL; client->query.qname = NULL; + /* + * This mutex is destroyed when the client is destroyed in + * exit_check(). + */ result = isc_mutex_init(&client->query.fetchlock); if (result != ISC_R_SUCCESS) return (result); @@ -633,8 +637,10 @@ ns_query_init(ns_client_t *client) { return (result); } result = query_newnamebuf(client); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { query_freefreeversions(client, ISC_TRUE); + DESTROYLOCK(&client->query.fetchlock); + } return (result); } @@ -4731,6 +4737,8 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult, DNS_RPZ_DONE_IPv4); break; case DNS_R_DELEGATION: + case DNS_R_DUPLICATE: + case DNS_R_DROP: goto cleanup; case DNS_R_EMPTYNAME: case DNS_R_NXRRSET: @@ -4749,12 +4757,13 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult, case ISC_R_FAILURE: rpz_rewrite_ns_skip(client, nsname, result, DNS_RPZ_DEBUG_LEVEL3, - "NS db_find() "); + " NS rpz_rrset_find() "); continue; default: rpz_rewrite_ns_skip(client, nsname, result, DNS_RPZ_INFO_LEVEL, - "unrecognized NS db_find() "); + " unrecognized NS" + " rpz_rrset_find() "); continue; } } @@ -5453,7 +5462,7 @@ dns64_aaaaok(ns_client_t *client, dns_rdataset_t *rdataset, * Only perform the update if the client is in the allow query acl and * returning the update would not cause a DNSSEC validation failure. */ -static isc_boolean_t +static isc_result_t redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset, dns_dbnode_t **nodep, dns_db_t **dbp, dns_dbversion_t **versionp, dns_rdatatype_t qtype) @@ -5472,7 +5481,7 @@ redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset, CTRACE("redirect"); if (client->view->redirect == NULL) - return (ISC_FALSE); + return (ISC_R_NOTFOUND); dns_fixedname_init(&fixed); found = dns_fixedname_name(&fixed); 
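Review bot: ns_query_init() now destroys `client->query.fetchlock` itself when query_newnamebuf() fails, while exit_check() in client.c destroys the same mutex unconditionally. If a client whose ns_query_init() failed is still torn down through exit_check() (the caller is outside this diff), the mutex would be destroyed twice; please confirm that path cannot happen, or record the rule in the new comment. The earlier `return (result);` that appears as context just above the change is cut off by the hunk, so it is also worth checking that it releases the lock in the same way.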
@@ -5482,15 +5491,15 @@ redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset, dns_clientinfo_init(&ci, client); if (WANTDNSSEC(client) && dns_db_iszone(*dbp) && dns_db_issecure(*dbp)) - return (ISC_FALSE); + return (ISC_R_NOTFOUND); if (WANTDNSSEC(client) && dns_rdataset_isassociated(rdataset)) { if (rdataset->trust == dns_trust_secure) - return (ISC_FALSE); + return (ISC_R_NOTFOUND); if (rdataset->trust == dns_trust_ultimate && (rdataset->type == dns_rdatatype_nsec || rdataset->type == dns_rdatatype_nsec3)) - return (ISC_FALSE); + return (ISC_R_NOTFOUND); if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) { for (result = dns_rdataset_first(rdataset); result == ISC_R_SUCCESS; @@ -5501,7 +5510,7 @@ redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset, if (type == dns_rdatatype_nsec || type == dns_rdatatype_nsec3 || type == dns_rdatatype_rrsig) - return (ISC_FALSE); + return (ISC_R_NOTFOUND); } } } @@ -5510,16 +5519,16 @@ redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset, dns_zone_getqueryacl(client->view->redirect), ISC_TRUE); if (result != ISC_R_SUCCESS) - return (ISC_FALSE); + return (ISC_R_NOTFOUND); result = dns_zone_getdb(client->view->redirect, &db); if (result != ISC_R_SUCCESS) - return (ISC_FALSE); + return (ISC_R_NOTFOUND); dbversion = query_findversion(client, db); if (dbversion == NULL) { dns_db_detach(&db); - return (ISC_FALSE); + return (ISC_R_NOTFOUND); } /* 
@@ -5528,16 +5537,22 @@ redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset, result = dns_db_findext(db, client->query.qname, dbversion->version, qtype, 0, client->now, &node, found, &cm, &ci, &trdataset, NULL); - if (result != ISC_R_SUCCESS) { + if (result == DNS_R_NXRRSET || result == DNS_R_NCACHENXRRSET) { + if (dns_rdataset_isassociated(rdataset)) + dns_rdataset_disassociate(rdataset); + if (dns_rdataset_isassociated(&trdataset)) + dns_rdataset_disassociate(&trdataset); + goto nxrrset; + } else if (result != ISC_R_SUCCESS) { if (dns_rdataset_isassociated(&trdataset)) dns_rdataset_disassociate(&trdataset); if (node != NULL) dns_db_detachnode(db, &node); dns_db_detach(&db); - return (ISC_FALSE); + return (ISC_R_NOTFOUND); } - CTRACE("redirect: found data: done"); + CTRACE("redirect: found data: done"); dns_name_copy(found, name, NULL); if (dns_rdataset_isassociated(rdataset)) dns_rdataset_disassociate(rdataset); @@ -5545,6 +5560,7 @@ redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset, dns_rdataset_clone(&trdataset, rdataset); dns_rdataset_disassociate(&trdataset); } + nxrrset: if (*nodep != NULL) dns_db_detachnode(*dbp, nodep); dns_db_detach(dbp); @@ -5557,7 +5573,7 @@ redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset, client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | NS_QUERYATTR_NOADDITIONAL); - return (ISC_TRUE); + return (result); } /* @@ -5584,7 +5600,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) int order; isc_buffer_t *dbuf; isc_buffer_t b; - isc_result_t result, eresult; + isc_result_t result, eresult, tresult; dns_fixedname_t fixed; dns_fixedname_t wildcardname; dns_dbversion_t *version, *zversion; 
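Review bot: redirect() changed from `isc_boolean_t` to `isc_result_t`, but the comment above it still only describes when a redirect is performed and says nothing about the return values callers now branch on. From the visible lines it returns `ISC_R_NOTFOUND` when no redirect applies, `ISC_R_SUCCESS` when data was substituted, and `DNS_R_NXRRSET` or `DNS_R_NCACHENXRRSET` when the lookup in the redirect zone gives that result. Adding those cases to the header comment, together with a note that on the `nxrrset:` path `rdataset` is left disassociated while the caller's node and db are still detached, would make the query_find() callers easier to audit.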
@@ -5599,6 +5615,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) int line = -1; isc_boolean_t dns64_exclude, dns64; isc_boolean_t nxrewrite = ISC_FALSE; + isc_boolean_t redirected = ISC_FALSE; dns_clientinfomethods_t cm; dns_clientinfo_t ci; isc_boolean_t associated; @@ -5785,7 +5802,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) dns_db_t *tdb = NULL; dns_zone_t *tzone = NULL; dns_dbversion_t *tversion = NULL; - isc_result_t tresult; tresult = query_getzonedb(client, client->query.qname, qtype, DNS_GETDB_PARTIAL, &tzone, &tdb, @@ -6275,8 +6291,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * We're authoritative for an ancestor of QNAME. */ if (!USECACHE(client) || !RECURSIONOK(client)) { - dns_fixedname_t fixed; - dns_fixedname_init(&fixed); dns_name_copy(fname, dns_fixedname_name(&fixed), NULL); @@ -6422,8 +6436,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) else RECURSE_ERROR(result); } else { - dns_fixedname_t fixed; - dns_fixedname_init(&fixed); dns_name_copy(fname, dns_fixedname_name(&fixed), NULL); @@ -6538,6 +6550,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * Look for a NSEC3 record if we don't have a NSEC record. */ nxrrset_rrsig: + if (redirected) + goto cleanup; if (!dns_rdataset_isassociated(rdataset) && WANTDNSSEC(client)) { if ((fname->attributes & DNS_NAMEATTR_WILDCARD) == 0) { 
@@ -6658,10 +6672,21 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) case DNS_R_NXDOMAIN: INSIST(is_zone); - if (!empty_wild && - redirect(client, fname, rdataset, &node, &db, &version, - type)) - break; + if (!empty_wild) { + tresult = redirect(client, fname, rdataset, &node, + &db, &version, type); + if (tresult == ISC_R_SUCCESS) + break; + if (tresult == DNS_R_NXRRSET) { + redirected = ISC_TRUE; + goto iszone_nxrrset; + } + if (tresult == DNS_R_NCACHENXRRSET) { + redirected = ISC_TRUE; + is_zone = ISC_FALSE; + goto ncache_nxrrset; + } + } if (dns_rdataset_isassociated(rdataset)) { /* * If we've got a NSEC record, we need to save the @@ -6724,9 +6749,22 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) goto cleanup; case DNS_R_NCACHENXDOMAIN: - if (redirect(client, fname, rdataset, &node, &db, &version, - type)) + tresult = redirect(client, fname, rdataset, &node, + &db, &version, type); + if (tresult == ISC_R_SUCCESS) break; + if (tresult == DNS_R_NXRRSET) { + redirected = ISC_TRUE; + is_zone = ISC_TRUE; + goto iszone_nxrrset; + } + if (tresult == DNS_R_NCACHENXRRSET) { + redirected = ISC_TRUE; + result = tresult; + goto ncache_nxrrset; + } + /* FALLTHROUGH */ + case DNS_R_NCACHENXRRSET: ncache_nxrrset: INSIST(!is_zone); diff --git a/bin/named/server.c b/bin/named/server.c index 84e3ecf32108..84b4067bf400 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id$ */ - /*! \file */ #include <config.h> 
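Review bot: Of the four new jumps out of the `DNS_R_NXDOMAIN` and `DNS_R_NCACHENXDOMAIN` cases in query_find(), only the last one sets `result = tresult` before `goto ncache_nxrrset`; the other three reach `iszone_nxrrset` or `ncache_nxrrset` with `result` still holding the original NXDOMAIN code. The code after those labels is outside the hunk, so if any of it reads `result`, the four paths will behave differently. Either assign `result = tresult;` on all four paths or add a comment explaining why only one of them needs it.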
@@ -2017,16 +2015,19 @@ create_empty_zone(dns_zone_t *zone, dns_name_t *name, dns_view_t *view, dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS, ISC_TRUE); dns_zone_setnotifytype(zone, dns_notifytype_no); dns_zone_setdialup(zone, dns_dialuptype_no); - if (view->queryacl) + if (view->queryacl != NULL) dns_zone_setqueryacl(zone, view->queryacl); else dns_zone_clearqueryacl(zone); - if (view->queryonacl) + if (view->queryonacl != NULL) dns_zone_setqueryonacl(zone, view->queryonacl); else dns_zone_clearqueryonacl(zone); dns_zone_clearupdateacl(zone); - dns_zone_clearxfracl(zone); + if (view->transferacl != NULL) + dns_zone_setxfracl(zone, view->transferacl); + else + dns_zone_clearxfracl(zone); CHECK(setquerystats(zone, view->mctx, statlevel)); if (db != NULL) { @@ -2052,6 +2053,9 @@ create_empty_zone(dns_zone_t *zone, dns_name_t *name, dns_view_t *view, dns_db_closeversion(db, &version, ISC_FALSE); if (db != NULL) dns_db_detach(&db); + + INSIST(version == NULL); + return (result); } @@ -2423,7 +2427,6 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, result = ns_config_get(maps, "dns64", &obj); if (result == ISC_R_SUCCESS && strcmp(view->name, "_bind") && strcmp(view->name, "_meta")) { - const cfg_listelt_t *element; isc_netaddr_t na, suffix, *sp; unsigned int prefixlen; const char *server, *contact; @@ -2894,7 +2897,6 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, */ { const cfg_obj_t *peers = NULL; - const cfg_listelt_t *element; dns_peerlist_t *newpeers = NULL; (void)ns_config_get(cfgmaps, "server", &peers); @@ -2919,7 +2921,6 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, */ { const cfg_obj_t *rrsetorder = NULL; - const cfg_listelt_t *element; (void)ns_config_get(maps, "rrset-order", &rrsetorder); CHECK(dns_order_create(mctx, &order)); 
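Review bot: create_empty_zone() now copies `view->transferacl` onto the automatic empty zones instead of always clearing their transfer ACL, which changes who may transfer them, and no comment records that. How a cleared transfer ACL is evaluated is decided outside this diff, so it should be stated explicitly whether this tightens or loosens access. A short comment above the new branch, e.g. `/* Empty zones follow the view's allow-transfer, as for allow-query above. */`, plus a release-note entry would help operators who rely on the old behaviour.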
@@ -3219,18 +3220,13 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, element != NULL; element = cfg_list_next(element)) { - const char *str; - isc_buffer_t b; dns_name_t *dlv; obj = cfg_listelt_value(element); - str = cfg_obj_asstring(cfg_tuple_get(obj, - "trust-anchor")); - isc_buffer_constinit(&b, str, strlen(str)); - isc_buffer_add(&b, strlen(str)); + obj = cfg_tuple_get(obj, "trust-anchor"); dlv = dns_fixedname_name(&view->dlv_fixed); - CHECK(dns_name_fromtext(dlv, &b, dns_rootname, - DNS_NAME_DOWNCASE, NULL)); + CHECK(dns_name_fromstring(dlv, cfg_obj_asstring(obj), + DNS_NAME_DOWNCASE, NULL)); view->dlv = dns_fixedname_name(&view->dlv_fixed); } } else @@ -3264,28 +3260,22 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "root-delegation-only", &obj); if (result == ISC_R_SUCCESS) { + dns_fixedname_t fixed; + dns_name_t *name; + const cfg_obj_t *exclude; + dns_view_setrootdelonly(view, ISC_TRUE); - if (!cfg_obj_isvoid(obj)) { - dns_fixedname_t fixed; - dns_name_t *name; - isc_buffer_t b; - const char *str; - const cfg_obj_t *exclude; - dns_fixedname_init(&fixed); - name = dns_fixedname_name(&fixed); - for (element = cfg_list_first(obj); - element != NULL; - element = cfg_list_next(element)) { - exclude = cfg_listelt_value(element); - str = cfg_obj_asstring(exclude); - isc_buffer_constinit(&b, str, strlen(str)); - isc_buffer_add(&b, strlen(str)); - CHECK(dns_name_fromtext(name, &b, dns_rootname, - 0, NULL)); - CHECK(dns_view_excludedelegationonly(view, - name)); - } + dns_fixedname_init(&fixed); + name = dns_fixedname_name(&fixed); + for (element = cfg_list_first(obj); + element != NULL; + element = cfg_list_next(element)) { + exclude = cfg_listelt_value(element); + CHECK(dns_name_fromstring(name, + cfg_obj_asstring(exclude), + 0, NULL)); + CHECK(dns_view_excludedelegationonly(view, name)); } } else dns_view_setrootdelonly(view, ISC_FALSE); 
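Review bot: The `root-delegation-only` hunk in configure_view() drops the `if (!cfg_obj_isvoid(obj))` guard, so `cfg_list_first(obj)` is now called even when the option is given without an exclude list. If cfg_list_first() insists on a list-typed object (its definition is not in this diff), a bare `root-delegation-only;` would fail an assertion while the configuration is loading instead of being accepted. Unless the parser is known to deliver a list here, keep the guard around the loop: `if (!cfg_obj_isvoid(obj)) {` … the `for` loop … `}`. The rest of configure_view() is outside the hunk.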
@@ -3314,7 +3304,6 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, dns_fixedname_t fixed; dns_name_t *name; isc_buffer_t buffer; - const char *str; char server[DNS_NAME_FORMATSIZE + 1]; char contact[DNS_NAME_FORMATSIZE + 1]; const char *empty_dbtype[4] = @@ -3328,11 +3317,8 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "empty-server", &obj); if (result == ISC_R_SUCCESS) { - str = cfg_obj_asstring(obj); - isc_buffer_constinit(&buffer, str, strlen(str)); - isc_buffer_add(&buffer, strlen(str)); - CHECK(dns_name_fromtext(name, &buffer, dns_rootname, 0, - NULL)); + CHECK(dns_name_fromstring(name, cfg_obj_asstring(obj), + 0, NULL)); isc_buffer_init(&buffer, server, sizeof(server) - 1); CHECK(dns_name_totext(name, ISC_FALSE, &buffer)); server[isc_buffer_usedlength(&buffer)] = 0; @@ -3343,11 +3329,8 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "empty-contact", &obj); if (result == ISC_R_SUCCESS) { - str = cfg_obj_asstring(obj); - isc_buffer_constinit(&buffer, str, strlen(str)); - isc_buffer_add(&buffer, strlen(str)); - CHECK(dns_name_fromtext(name, &buffer, dns_rootname, 0, - NULL)); + CHECK(dns_name_fromstring(name, cfg_obj_asstring(obj), + 0, NULL)); isc_buffer_init(&buffer, contact, sizeof(contact) - 1); CHECK(dns_name_totext(name, ISC_FALSE, &buffer)); contact[isc_buffer_usedlength(&buffer)] = 0; 
@@ -3379,16 +3362,12 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, empty != NULL; empty = empty_zones[++empty_zone]) { - dns_forwarders_t *forwarders = NULL; - dns_view_t *pview = NULL; + dns_forwarders_t *dnsforwarders = NULL; - isc_buffer_constinit(&buffer, empty, strlen(empty)); - isc_buffer_add(&buffer, strlen(empty)); /* * Look for zone on drop list. */ - CHECK(dns_name_fromtext(name, &buffer, dns_rootname, 0, - NULL)); + CHECK(dns_name_fromstring(name, empty, 0, NULL)); if (disablelist != NULL && on_disable_list(disablelist, name)) continue; @@ -3407,9 +3386,9 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, * empty zone for it. */ result = dns_fwdtable_find(view->fwdtable, name, - &forwarders); + &dnsforwarders); if (result == ISC_R_SUCCESS && - forwarders->fwdpolicy == dns_fwdpolicy_only) + dnsforwarders->fwdpolicy == dns_fwdpolicy_only) continue; /* @@ -3860,16 +3839,8 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, if (dns_name_equal(origin, dns_rootname)) { const char *hintsfile = cfg_obj_asstring(fileobj); - result = configure_hints(view, hintsfile); - if (result != ISC_R_SUCCESS) { - isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, - NS_LOGMODULE_SERVER, - ISC_LOG_ERROR, - "could not configure root hints " - "from '%s': %s", hintsfile, - isc_result_totext(result)); - goto cleanup; - } + CHECK(configure_hints(view, hintsfile)); + /* * Hint zones may also refer to delegation only points. */ 
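Review bot: Replacing the explicit error block with `CHECK(configure_hints(view, hintsfile));` in configure_zone() removes the only message at this point that named the hints file and the reason for the failure. Unless configure_hints() logs that itself (its body is not in this diff), a bad root hints file now surfaces only as a generic configuration failure. Consider keeping the `isc_log_write()` call with `"could not configure root hints from '%s': %s"` before the jump to cleanup.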
@@ -5158,10 +5129,11 @@ load_configuration(const char *filename, ns_server_t *server, isc_portset_addrange(v4portset, udpport_low, udpport_high); } - isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, - NS_LOGMODULE_SERVER, ISC_LOG_INFO, - "using default UDP/IPv4 port range: [%d, %d]", - udpport_low, udpport_high); + if (!ns_g_disable4) + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "using default UDP/IPv4 port range: " + "[%d, %d]", udpport_low, udpport_high); } (void)ns_config_get(maps, "avoid-v4-udp-ports", &avoidv4ports); if (avoidv4ports != NULL) @@ -5180,10 +5152,11 @@ load_configuration(const char *filename, ns_server_t *server, isc_portset_addrange(v6portset, udpport_low, udpport_high); } - isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, - NS_LOGMODULE_SERVER, ISC_LOG_INFO, - "using default UDP/IPv6 port range: [%d, %d]", - udpport_low, udpport_high); + if (!ns_g_disable6) + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "using default UDP/IPv6 port range: " + "[%d, %d]", udpport_low, udpport_high); } (void)ns_config_get(maps, "avoid-v6-udp-ports", &avoidv6ports); if (avoidv6ports != NULL) @@ -5684,7 +5657,6 @@ load_configuration(const char *filename, ns_server_t *server, (void)cfg_map_get(logobj, "category", &categories); if (categories != NULL) { - const cfg_listelt_t *element; for (element = cfg_list_first(categories); element != NULL; element = cfg_list_next(element)) @@ -6650,7 +6622,7 @@ zone_from_args(ns_server_t *server, char *args, const char *zonetxt, tresult = putstr(text, problem); if (tresult == ISC_R_SUCCESS) - putnull(text); + (void) putnull(text); } cleanup: @@ -7397,7 +7369,7 @@ ns_server_validation(ns_server_t *server, char *args) { continue; result = dns_view_flushcache(view); if (result != ISC_R_SUCCESS) - goto out; + goto cleanup; view->enablevalidation = enable; changed = ISC_TRUE; } 
@@ -7405,7 +7377,7 @@ ns_server_validation(ns_server_t *server, char *args) { result = ISC_R_SUCCESS; else result = ISC_R_FAILURE; - out: + cleanup: isc_task_endexclusive(server->task); return (result); } @@ -7810,7 +7782,6 @@ list_keynames(dns_view_t *view, dns_tsig_keyring_t *ring, isc_buffer_t *text, dns_name_t *origin; dns_rbtnode_t *node; dns_tsigkey_t *tkey; - unsigned int n; const char *viewname; if (view != NULL) @@ -7844,21 +7815,26 @@ list_keynames(dns_view_t *view, dns_tsig_keyring_t *ring, isc_buffer_t *text, if (tkey->generated) { dns_name_format(tkey->creator, creatorstr, sizeof(creatorstr)); - n = snprintf((char *)isc_buffer_used(text), - isc_buffer_availablelength(text), - "view \"%s\"; type \"dynamic\"; key \"%s\"; creator \"%s\";\n", - viewname, namestr, creatorstr); + if (*foundkeys != 0) + CHECK(putstr(text, "\n")); + CHECK(putstr(text, "view \"")); + CHECK(putstr(text, viewname)); + CHECK(putstr(text, + "\"; type \"dynamic\"; key \"")); + CHECK(putstr(text, namestr)); + CHECK(putstr(text, "\"; creator \"")); + CHECK(putstr(text, creatorstr)); + CHECK(putstr(text, "\";")); } else { - n = snprintf((char *)isc_buffer_used(text), - isc_buffer_availablelength(text), - "view \"%s\"; type \"static\"; key \"%s\";\n", - viewname, namestr); + if (*foundkeys != 0) + CHECK(putstr(text, "\n")); + CHECK(putstr(text, "view \"")); + CHECK(putstr(text, viewname)); + CHECK(putstr(text, + "\"; type \"static\"; key \"")); + CHECK(putstr(text, namestr)); + CHECK(putstr(text, "\";")); } - if (n >= isc_buffer_availablelength(text)) { - dns_rbtnodechain_invalidate(&chain); - return (ISC_R_NOSPACE); - } - isc_buffer_add(text, n); } result = dns_rbtnodechain_next(&chain, &foundname, origin); if (result == ISC_R_NOMORE) 
@@ -7870,12 +7846,14 @@ list_keynames(dns_view_t *view, dns_tsig_keyring_t *ring, isc_buffer_t *text, } return (ISC_R_SUCCESS); + +cleanup: + return (result); } isc_result_t ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text) { isc_result_t result; - unsigned int n; dns_view_t *view; unsigned int foundkeys = 0; @@ -7903,16 +7881,16 @@ ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text) { } isc_task_endexclusive(server->task); - if (foundkeys == 0) { - n = snprintf((char *)isc_buffer_used(text), - isc_buffer_availablelength(text), - "no tsig keys found.\n"); - if (n >= isc_buffer_availablelength(text)) - return (ISC_R_NOSPACE); - isc_buffer_add(text, n); - } + if (foundkeys == 0) + CHECK(putstr(text, "no tsig keys found.")); + + if (isc_buffer_usedlength(text) > 0) + CHECK(putnull(text)); return (ISC_R_SUCCESS); + + cleanup: + return (result); } /* @@ -8575,6 +8553,16 @@ ns_server_del_zone(ns_server_t *server, char *args, isc_buffer_t *text) { result = isc_stdio_read(buf, 1, 1024, ifp, &n); } + /* + * Close files before overwriting the nzfile + * with the temporary file as it's necessary on + * some platforms (win32). + */ + (void) isc_stdio_close(ifp); + ifp = NULL; + (void) isc_stdio_close(ofp); + ofp = NULL; + /* Move temporary into place */ CHECK(isc_file_rename(tmpname, view->new_zone_file)); } else { @@ -8605,12 +8593,12 @@ ns_server_del_zone(ns_server_t *server, char *args, isc_buffer_t *text) { putnull(text); if (ifp != NULL) isc_stdio_close(ifp); - if (ofp != NULL) { + if (ofp != NULL) isc_stdio_close(ofp); + if (tmpname != NULL) { isc_file_remove(tmpname); - } - if (tmpname != NULL) isc_mem_free(server->mctx, tmpname); + } if (zone != NULL) dns_zone_detach(&zone); 
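Review bot: The new `cleanup:` label in list_keynames() returns straight away, whereas the snprintf path it replaces called `dns_rbtnodechain_invalidate(&chain)` before returning `ISC_R_NOSPACE`. Every failing `CHECK(putstr(...))` in the preceding hunk therefore leaves the node chain as it was. If the chain still has to be invalidated on an early exit, do it under the label: `cleanup:` followed by `dns_rbtnodechain_invalidate(&chain);` and `return (result);`. Where `chain` is initialised is outside the hunk, so confirm it is valid on every path that can reach the label.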
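Review bot: In ns_server_del_zone() the result of closing the freshly written temporary file is discarded with `(void) isc_stdio_close(ofp);` immediately before `isc_file_rename()` moves it over `view->new_zone_file`. A write error reported only at close time (a full disk, for example) would then replace the new-zone file with a truncated copy. Check the close result before renaming: `result = isc_stdio_close(ofp);` `ofp = NULL;` `CHECK(result);`. Separately, the reworked cleanup now calls `isc_file_remove(tmpname)` even after a successful rename, which is harmless only because its result is ignored.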
@@ -8656,7 +8644,7 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { isc_boolean_t first = ISC_TRUE; isc_boolean_t list = ISC_FALSE, clear = ISC_FALSE; isc_boolean_t chain = ISC_FALSE; - char keystr[DNS_SECALG_FORMATSIZE + 7]; + char keystr[DNS_SECALG_FORMATSIZE + 7]; /* <5-digit keyid>/<alg> */ unsigned short hash = 0, flags = 0, iter = 0, saltlen = 0; unsigned char salt[255]; const char *ptr; @@ -8682,7 +8670,7 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { ptr = next_token(&args, " \t"); if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); - memmove(keystr, ptr, sizeof(keystr)); + strlcpy(keystr, ptr, sizeof(keystr)); } else if (strcasecmp(ptr, "-nsec3param") == 0) { const char *hashstr, *flagstr, *iterstr; char nbuf[512]; diff --git a/bin/named/update.c b/bin/named/update.c index 01e3c58de573..a526b02a1024 100644 --- a/bin/named/update.c +++ b/bin/named/update.c @@ -3239,6 +3239,8 @@ update_action(isc_task_t *task, isc_event_t *event) { uev->ev_type = DNS_EVENT_UPDATEDONE; uev->ev_action = updatedone_action; isc_task_send(client->task, &event); + + INSIST(ver == NULL); INSIST(event == NULL); } diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index b3839762d336..5b473d1b2951 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id$ */ - /*% */ #include <config.h> @@ -710,6 +708,8 @@ configure_staticstub(const cfg_obj_t *zconfig, dns_zone_t *zone, } } + INSIST(dbversion == NULL); + return (result); } |
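Review bot: `strlcpy(keystr, ptr, sizeof(keystr))` in ns_server_signing() bounds the copy and always terminates the buffer, but it truncates silently, so an over-long `<keyid>/<alg>` argument is shortened and then parsed as if it were valid. Rejecting it is safer: `if (strlcpy(keystr, ptr, sizeof(keystr)) >= sizeof(keystr)) return (ISC_R_NOSPACE);`, using whichever result code the command handlers normally return for bad input. The function continues outside the hunk.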
